 | 1 | initial version |
You are confusing Wireshark, the protocol analyser, with a capture engine. Even though Wireshark allows you to interact with one through its user interface, it doesn't mean Wireshark is meant for such high demand capture performance.
So, what capture engines are there? As said, under the hood Wireshark uses dumpcap as its capture engine. A more common capture engine is tcpdump. For real high performance capture you may need to resort to ntopng, or specialised capture hardware solutions.
| | 2 | No.2 Revision |
You are confusing Wireshark, the protocol analyser, with a capture engine. Even though Wireshark allows you to interact with one through its user interface, it doesn't mean Wireshark is meant for such high demand capture performance.
So, what capture engines are there? As said, under the hood Wireshark uses dumpcap as its capture engine. A more common capture engine is tcpdump. For real high performance capture you may need to resort to ntopng, or specialised capture hardware solutions.solutions.
