[Ulf Lamping <ulf.lamping@xxxxxx>]

Sadin Nurkic wrote:
> Hi,
>
> I'm doing a capture using the -R option to do some deep filtering on
> GTP tunneled data. This seems to be eating up memory at a great pace
> as I've had it running for only a few minutes and the process memory
> according to "top" is reaching 1Gb.
>
> Traces without the -R option run for months without issues - but as
> soon as it is turned on memory usage grows very quickly. I'm capture
> filtering the trace to reduce it to GTP's UDP ports, but this does not
> seem to help.
>
> Could anyone please provide some pointers as to how to narrow done
> where in the code this memory leak is occuring?
>   
If you running without the -R option, do you use "update list of packets 
in real time"? I guess not.

This way, you simply write the packets to the disk, without any packet 
dissection.

If you use the -R switch, Ethereal has to dissect all incoming packets 
and will keep a lot of information internally and this will also slow 
down capturing performance.

Why not using a capture filter -f for this? This is the preferred way to 
do this kind of filtering, as the capture filter engine is much simpler 
but very fast and "no" memory consumption.

Regards, ULFL