Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 5309] dumpcap use 50% of CPU

Date: Wed, 17 Nov 2010 12:29:50 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5309

Craig <craig@xxxxxxxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |craig@xxxxxxxxxxxxxxxxxx

--- Comment #2 from Craig <craig@xxxxxxxxxxxxxxxxxx> 2010-11-17 12:29:48 PST ---
Hi Folks-

I'm new to wireshark, and have run into this exact same bug as well. I believe
I've narrowed it down a bit, and wanted to add what I've learned.

You will NOT see the problem if you simply run this command (on 1.4.2):
c:\"Program Files"\Wireshark\tshark -l -V -i -

That's because you can only get the problem to occur after dumpcap sees the
initial pcap header. As soon as it sees this header, it uses 50% of the CPU
(the maximum allowed by a thread, I'm told) even if you don't send it any
message data to decode.

I'm attaching a perl script that I wrote, which does this. If you call my perl
program tst02.pl, here's what you need to type:

c:> tst02.pl | c:\"Program Files"\Wireshark\tshark -l -V -i -

The program waits for 10 seconds for tshark to spawn dumpcap, and for everyone
to settle down. Then it prints the pcap header, and sleeps for 300 seconds.
After you see the "2: sleep 300..." line on STDERR, the CPU usage of dumpcap
goes to 50% and stays there.

Please see if you can figure out how to fix this bug. It would really help me
out.

Thanks

-Craig

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.