On Tue, Aug 27, 2013 at 06:53:01PM +0200, Jakub Zawadzki wrote:
> >> ./tshark -r traffic.all -Y "dns.qry.name.len > 50" -w longnames.pcap
> >
> >> Used memory grows continuously, up to over 3GB of ram. At this point my pc goes thrashing and I must kill tshark.
> >> That's not what I expected. I expected the memory to grow up to a certain size, then stop, feeding the output file.
> >> Any idea about what happens? Any suggestion on how to debug it?
>
> On Tue, Aug 27, 2013 at 02:40:07PM +0000, Anders Broman wrote:
>
> > No it will not; as state and stuff accumulates memory grows until *shark runs out of memory your mileage on
>
> Isn't it a bug? Do we need some special option for such case, or reusing
> single pass tshark is good enough?
> We should anyway do -2 pass default where we have a file (and not pipe).
IMO it's a bug. While we need to keep a lot of state for Wireshark, we don't need
(most of) it for tshark.
Ciao
Jörg
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
