Re: Reliability?

[Guy Harris <guy () alum mit edu>]

On Feb 19, 2010, at 5:04 AM, Jaap Keuter wrote:

> Tshark doesn't leaking memory, if it did that would be in error. What it
> does do is build up context, which expands in time, depending on the
> traffic captured.

Well, *some* of the information it builds up isn't necessary in a one-pass program such as TShark; if it reassembles 
packets, there's no need for the reassembled packet data once all the packets that contain data from it are dissected.

However, it'd take some work to free that up when it's done.  I *suspect* that's one of the main reasons why TShark 
accumulates memory.

If TShark is being used in a way where it doesn't dissect packets - e.g., if it's saving to a file, not dissecting the 
packets as it does so, and not using a read filter - it shouldn't accumulate memory.  However, in that case, it should 
largely just be running as a front end to dumpcap.

(Note that tcpdump *also* accumulates memory if you're capturing and dissecting rather than saving to a file; it keeps 
state information in order to print relative sequence numbers for TCP.  If you're saving to a binary capture file, 
using the "-w" flag, it shouldn't accumulate memory.)
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe