David S wrote:
Bill Meier <wmeier@...> writes:
I wouldn't have expected dumpcap memory usage to grow very much over
time as packets are captured. If it does that sounds like a bug.
However, I'm a little confused:
You indicate that dumpcap memory usage is growing but you then say
you're "using the unencryption feature of the packet dissector"
which is not in dumpcap but is in wireshark/tshark.
Wireshark/tshark memory will increase as a function of the number of
packets dissected. That's the nature of the beast.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@...>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@...?subject=unsubscribe
Ok, I'll run it again and see if I observe the same behaviour. It was
definitely dumpcap which had high memory and cpu usage.
Sorry, I mis-understood what was going on with the dissectors, I thought that
if I ran the capture through Wireshark the captures would be decoded, I was
wrong as the raw packets were output to file (obviously).
I should have been clearer in my original rely.
Wireshark runs dumpcap to do the actual capture. Dumpcap writes to a
file and Wireshark reads from the file.
So: When running a cature through Wireshark, the catures are decoded (by
Wireshark).
