Hi
Stuart, I have heard (but not seen myself) that dumpcap has the lowest
possibility for bugs or security holes, because it is purely for saving
packet captures, and doesn't have code to parse/filter as does tshark,
tcpdump, or wireshark. So I have heard it's a good choice for security
reasons or for stability for long-term capture, not sure about for performance. Good question, I'm curious to
see what others say.
Shawn
From: Stuart Kendrick <skendric@xxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Sunday, October 30, 2011 9:23 AM
Subject: [Wireshark-users] tshark vs dumpcap
Is there any performance advantage to using dumpcap over tshark, for
pure packet capture? [Less chance of dropping frames perhaps?]
--sk
Stuart Kendrick
FHCRC
___________________________________________________________________________
Sent via: Wireshark-users mailing list <
wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe:
https://wireshark.org/mailman/options/wireshark-users mailto:
wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe