Wireshark mailing list archives

Re: Wireshark User's Guide: Minor addition to Appendix


From: Guy Harris <guy () alum mit edu>
Date: Thu, 29 Mar 2012 21:33:20 -0400


On Mar 29, 2012, at 2:32 PM, Daniel Borkmann wrote:

> Hi Ulf, Richard and Ed,
> 
> I saw that you've put some related tools of Wireshark into Appendix D
> of your guide (http://www.wireshark.org/docs/wsug_html_chunked/AppTools.html).
> I was wondering if it is possible to place a page with Wireshark and
> netsniff-ng (http://netsniff-ng.org/) into this section?

That section lists tools that are part of the Wireshark distribution; netsniff-ng isn't part of the Wireshark 
distribution, so it wouldn't go in that section.

The document should probably point people to the Tools page from the Wireshark Wiki:

        http://wiki.wireshark.org/Tools

which lists netsniff-ng, rather than itself mentioning third-party tools.  That way, the list of third-party tools is a 
bit more fluid than a user's manual, and can be updated as new tools arrive.

> We have heard from our users that some of them switched from Wireshark to
> netsniff-ng when it comes to the need of a higher performance when
> capturing pcap files.

Was that "higher performance than Wireshark" (Wireshark does GUI work when capturing, even if you *aren't* doing an 
"Update list of packets in real time" capture) or "higher performance than dumpcap" (dumpcap is the program that 
Wireshark and TShark run to capture packets, and can also be run as a capture tool on its own; it's not a GUI program, 
and needn't do any per-packet I/O to the user)?

> netsniff-ng is a high performance networking toolkit that uses
> zero-copy for capturing (and replaying) network packets.

As does, of course, dumpcap (and thus Wireshark and TShark), if running with libpcap 1.0 or later (tcpdump and snort 
and any other program that uses libpcap for packet capture also use zero-copy if they're running with libpcap 1.0 or 
later).

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>