Hi,
>> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Dario Lombardo
>
>> I've run this command on a 10G pcap file.
>
>> ./tshark -r traffic.all -Y "dns.qry.name.len > 50" -w longnames.pcap
>
>> Used memory grows continuously, up to over 3GB of ram. At this point my pc goes thrashing and I must kill tshark.
>> That's not what I expected. I expected the memory to grow up to a certain size, then stop, feeding the output file.
>> Any idea about what happens? Any suggestion on how to debug it?
On Tue, Aug 27, 2013 at 02:40:07PM +0000, Anders Broman wrote:
> No it will not; as state and stuff accumulates memory grows until *shark runs out of memory your mileage on
Isn't it a bug? Do we need some special option for such case, or reusing
single pass tshark is good enough?
We should anyway do -2 pass default where we have a file (and not pipe).