Long term traffic capturing using dumpcap & tshark

asked 2021-01-30 14:13:43 +0000

balderman


I am using dumpcap & tshark for long term traffic capturing (I am interested in "HTTP conversation" - HTTP Request & Response).

I fork dumpcap & tshark from my code and get the data from tshark using stdout.

It works well.

Since tshark doesn't release the memory it allocates for the "HTTP conversation", a script restarts the capturing process when the memory usage in the machine crosses a predefined level.

When the memory allocation "slope" (Delta Memory / Delta Time) is sharp, I experience a phenomenon where I stop getting the "HTTP conversations" from tshark for 10-30 minutes.

My question is: Is there a way I can control tshark memory allocation "policy"?


