Ask Your Question
0

Lightweight tshark?

asked 2018-07-27 17:30:22 +0000

mtis88 gravatar image

updated 2018-07-27 19:13:10 +0000

Hi,

Is it possible to build a lightweight version the latest stable release of tshark, with a limited subset of dissectors, assuming this is what takes up most of the space? I'm using CentOS 7.

Thanks.

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2018-07-27 19:47:01 +0000

Guy Harris gravatar image

It might be possible to do so, but the person attempting to do so would have to do all the work. They would have to remove dissectors from the Makefile.am or CMakeLists.txt files, and then make sure there are no places where a dissector not removed depends on a dissector that was removed.

edit flag offensive delete link more

Comments

I was worried you'd say that. I found a section on the wiki where someone had uploaded their patch file for version 1.x but it looked pretty involved. I was hoping for a simple build option where you could list the dissectors (groups of) you want!

mtis88 gravatar imagemtis88 ( 2018-07-27 22:24:41 +0000 )edit

Could you do this by creating a configuration profile including only the desired dissections and specifying that profile to tshark with the -C option?

wesmorgan1 gravatar imagewesmorgan1 ( 2018-07-30 23:30:32 +0000 )edit

I’m looking to reduce the size of the install. But I will look at this to see if it reduces the load at runtime.

mtis88 gravatar imagemtis88 ( 2018-08-02 20:57:44 +0000 )edit

Is there any advantage to using a configuration profile which only allows the dissectors required for the capture filter to function? Would it improve performance?

mtis88 gravatar imagemtis88 ( 2018-08-05 07:44:53 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-07-27 17:30:22 +0000

Seen: 39 times

Last updated: Jul 27