tshark always hogs my RAM and eventually crashes on > 4GB pcaps. I'd love to hav... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

assafmo on May 30, 2018 | parent | context | favorite | on: Tcpdump Examples

tshark always hogs my RAM and eventually crashes on > 4GB pcaps. I'd love to have a solution for this.

lir on May 30, 2018 [–]

Try dumpcap [0], also part of the Wireshark suite. It's the back-end engine used by the Wireshark GUI as well as tshark. tshark tracks state for streams the same way the GUI will and eats your RAM, whereas dumpcap is a dumb siphon (with filtering).

0: https://www.wireshark.org/docs/man-pages/dumpcap.html

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact