Re: Will capturing packets with tcpdump/tshark affect traffic processing?

[Rayne <hjazz6 () ymail com>]

> Unfortunately, there's not much you can do about it, other than:
>
>   1) using a capture filter to capture *only* the traffic you're interested in;
>
>   2) using a capture program that consumes as little CPU as possible - I'd recommend using tcpdump and >writing to a 
> capture file with -w, and then looking at the file afterwards with Wireshark.

Thanks! A couple of follow-up questions.
1) Wouldn't using a capture filter add more load to the processing, since the capturing program now also has to decode 
the packets?
2) Does tcpdump use less CPU than tshark?

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe