Wireshark · Wireshark-dev: Re: [Wireshark-dev] PDML export on big capture files

Wireshark-dev: Re: [Wireshark-dev] PDML export on big capture files

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 29 Feb 2008 02:19:39 -0800

Edouard Funke wrote:

The exact command i am using is :
tshark -r my_big_capture_file -T pdml -V | myprogram

It is tshark who is running out of memory (monitored). Could the pipe
have something to do with it ?

No - TShark has no idea that its standard output is being piped toanother program (that's what pipes are all about - being able to takeoutput of one program and, rather than looking at it yourself or savingit to a file, feeding it to another program).

It's probably a reassembly issue; particular protocols might offer anoption to disable reassembly, but, as per my earlier mail, you'd getdifferent output if you did that.

Follow-Ups:
- Re: [Wireshark-dev] PDML export on big capture files
  - From: Edouard Funke

References:
- [Wireshark-dev] PDML export on big capture files
  - From: Edouard Funke
- Re: [Wireshark-dev] PDML export on big capture files
  - From: Guy Harris
- Re: [Wireshark-dev] PDML export on big capture files
  - From: Edouard Funke

Prev by Date: Re: [Wireshark-dev] NBAP: dissection of Private Messages
Next by Date: Re: [Wireshark-dev] PDML export on big capture files
Previous by thread: Re: [Wireshark-dev] PDML export on big capture files
Next by thread: Re: [Wireshark-dev] PDML export on big capture files
Index(es):
- Date
- Thread