Re: tshark vs dumpcap

[Shawn T Carroll <shawnthomascarroll () yahoo com>]

Hi Stuart, I have heard (but not seen myself) that dumpcap has the lowest 
possibility for bugs or security holes, because it is purely for saving 
packet captures, and doesn't have code to parse/filter as does tshark, 
tcpdump, or wireshark.  So I have heard it's a good choice for security 
reasons or for stability for long-term capture, not sure about for performance.  Good question, I'm curious to 
see what others say.

Shawn


________________________________
From: Stuart Kendrick <skendric () fhcrc org>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Sent: Sunday, October 30, 2011 9:23 AM
Subject: [Wireshark-users] tshark vs dumpcap

Is there any performance advantage to using dumpcap over tshark, for
pure packet capture?  [Less chance of dropping frames perhaps?]

--sk

Stuart Kendrick
FHCRC
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe