Ethereal-dev: [Ethereal-dev] Maintenance of Tethereal state information

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Amit Vashisht <amitv@xxxxxxxxxxxxxx>
Date: Fri, 21 Feb 2003 12:03:05 +0530
Date: Fri, 21 Feb 2003 12:15:01 +0530
Hi,
I have a scenario wherein tethereal is being utilized to capture packets in
the read filter mode ; so that all the dissectors are called . The capturing
of packets is intended to be long term and continuous , therefore the
ringbuffer functionality is being used to save a capture file and switch to a
new capture file.

On observing the memory usage of tethereal during capture, it was found that
the usage increased progressively as time passed.
Can the progressive increase in memory usage be due to some state information
being maintained for the packets ?

It appears that ethereal does maintain this state information ( in some
specific circumstances ) as per an earlier message of the mailing list
(http://www.ethereal.com/lists/ethereal-users/200211/msg00022.html).

I quote Ronnie Sahlberg
">>>>> .... The state in question is the stuff ethereal remembers internally
about every packet it sees, information such as when the packet was received,
size of it,   if it is an ONCRPC packet, remember the XID and some more
things,and a whole bunch of other information that a stateful analyzer needs
to keep between packets.
>>>>> .... Even at reasonably slow rates such as 75Mbit/s every packet will
still add to the state buildup inside ethereal until you reach a point where
memory is exhausted.I.e. ethereal will become slower and slower as memory is
exhausted on the system.
>>>>>>.... Stoping and restarting the capture is an efficient method to
control the amount of state buildup. "

Since the packets need to be captured for long durations of time at a stretch
( maybe months , may even be years ) and therefore memory exhaustion may not
be acceptable ,
1. Is it possible to CLEANUP the STATE INFORMATION when switching between
capture files in the ringbuffer ?
2. If yes , Which function calls can be made to cleanup such state
information ?
3. Stopping and restarting capture as suggested above would not be viable as
that may involve the undesirable missing of a few packets . Is there any
other possible technique to cleanup the state information ?

Thanks ,
Amit Vashisht

*********************************************************
Disclaimer

This message (including any attachments) contains 
confidential information intended for a specific 
individual and purpose, and is protected by law. 
If you are not the intended recipient, you should 
delete this message and are hereby notified that 
any disclosure, copying, or distribution of this
message, or the taking of any action based on it, 
is strictly prohibited.

*********************************************************
Visit us at http://www.mahindrabt.com