I need to automate capturing traffic (so a script will start the capturing, not me) from a specific program on my machine to a remote server. It will also capture all the traffic that is sent to that program on my machine. While capturing I need to not drop any packets, as every packet matters a lot in my scenario. The capturing and the communication between my program and the remote server are taking place on the same machine. I'm planning to use Wireshark to analyse the traffic, as I've built my own dissector to help me with that. However, I'm not sure if it is appropriate to use Wireshark in my settings as well, as I need a command line interface rather than a GUI, and I have also read that Wireshark consumes a lot of CPU. I'm hesitating between tcpdump, tshark and dumpcap to do the capturing. Guy Harris mentioned in this link that tcpdump is dropping more than tcpdump; is this still true? Is there a resource to find a more comprehensive comparison between these tools? asked 03 Sep '14, 11:34 flora
One Answer:
See the answer to a similar question. And, no, we haven't changed anything in dumpcap that would make a significant difference, so tcpdump probably still has the best performance. There's also netsniff-ng for Linux. answered 03 Sep '14, 21:57 Guy Harris
Actually, #ifdef-ing the debug printout done per packet might have made a difference. But I haven't made any measurements.
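A scripted capture along the lines the question asks about, written here as an added example (not code from the question, the answer, or the Wireshark project): it builds a tcpdump command for an unattended capture of one program's traffic and then checks tcpdump's own exit summary for kernel drops, since a capture that reports drops is not trustworthy when every packet matters. The interface, peer address, port and the summary text used below are constructed assumptions.

```shell
#!/bin/sh
# Build the tcpdump command line for an unattended capture.
# $1 interface, $2 remote host, $3 port, $4 output file, $5 seconds to run
build_capture_cmd() {
    # -n: no name resolution (avoids stalls), -s 0: full-length packets,
    # -B 65536: 64 MiB kernel capture buffer to absorb bursts,
    # -U: write each packet to disk immediately (no process-side buffering),
    # -G/-W 1: stop after one interval of $5 seconds.
    printf 'tcpdump -n -s 0 -B 65536 -U -i %s -w %s -G %s -W 1 host %s and port %s' \
        "$1" "$4" "$5" "$2" "$3"
}

# Parse the summary tcpdump prints on stderr when it stops and print
# "<captured> <dropped>". Returns non-zero if drops were reported or if
# the summary lines were not found (e.g. tcpdump was killed with SIGKILL).
capture_stats() {
    captured=$(printf '%s\n' "$1" | sed -n 's/^\([0-9]*\) packets captured.*/\1/p')
    dropped=$(printf '%s\n' "$1" | sed -n 's/^\([0-9]*\) packets dropped by kernel.*/\1/p')
    [ -n "$captured" ] && [ -n "$dropped" ] || return 1
    printf '%s %s\n' "$captured" "$dropped"
    [ "$dropped" -eq 0 ]
}

# Constructed sample summaries in tcpdump's format (not real captures).
SAMPLE_CLEAN='42 packets captured
42 packets received by filter
0 packets dropped by kernel'
SAMPLE_DROPS='1000 packets captured
1312 packets received by filter
312 packets dropped by kernel'

# Typical use from a script (hypothetical interface/host/port):
#   cmd=$(build_capture_cmd eth0 203.0.113.10 8443 app.pcap 60)
#   summary=$(sh -c "$cmd" 2>&1 >/dev/null)
#   capture_stats "$summary" || echo "capture had drops; discard app.pcap"
```

If drops appear, raise the -B buffer, narrow the filter, or write to faster storage before trusting the .pcap in Wireshark.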