Hi, I am trying to read and process a packet captures(pcap)of 1 GB, using tshark & lua_script using listerners, but the system memory gradually ramps up and tshark crashes when the system memory is maxed out..
Code flow is based on : http://wiretrail.guru/kager/lua-lesson-1-tapping-tcp-expert-data/
Any inputs on how to handle large files this ?, Even observed this crash for 400MB+ files as well.
My understanding is Listener is holding the memory of each packet until we complete the full packet capture , Is there a way to free up memory after processing every packet ?
example: tshark -q -r test.pcap -X lua_script:process.lua -X lua_script1:test.pcap
- Is it possible to read the packets in batches rather than loading full pcap file
Regards Dharun
