 | 1 | initial version |
If performance is a concern, then I would highly advise you to stop using Wireshark for capturing. Instead, use dumpcap, which is what Wireshark uses under the hood anyway. Alternatively, you could use tcpdump.
This alone may or may not be sufficient though, so for other tips, refer to the Wireshark Performance wiki page, although there are still no guarantees. In the end, you may need external, dedicated capture hardware to obtain the performance you're seeking.
One additional tip not [yet] mentioned on the wiki page, and which may or may not help, is to try increasing the scheduling priority of the capture tool, i.e. by using nice.
