Re: reduce tshark memory usage

[Pascal Quantin <pascal.quantin () gmail com>]

Hi,

2017-11-22 17:32 GMT+01:00 杜 伟强 <ishadowprince () outlook com>:

> Hello
>
> I start up a tshark process and print some usefull message into my
> database.
>
> But as times goes on ,the memory usage of tshark has been grown so big.
>
> And I find here are some word to explain this phenomenology
>
> https://wiki.wireshark.org/Reduce%20memory%20footprint
>
> but I still don’t understand about that:
>
> one packet and related information should be droped after analysis and
> print related information,isn’t it?

No, Wireshark also keeps in memory all what is needed to make the
relationship between packets (request / response tracking, conversations,
reassembly, ...).


> And I’ve successful build wireshark soure code,what I want is just some
> protocol’s field information,so
>
> Maybe there are some way to shut down tshark’s analysis feature

If you are only interested by the per packet decoding, I suggest you to
have a look at this blog entry:
https://blog.wireshark.org/2014/07/to-infinity-and-beyond-capturing-forever-with-tshark/

Best regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe