On Feb 19, 2010, at 4:35 AM, Boaz Galil wrote:
> Is there a way to know when the machine will run out of memory? (For example, running TShark for 1 hour = leak X MB... or something like that.)
No. The amount of memory it accumulates depends on the traffic.
> tcpdump is not part of the Wireshark package,
Unless you're running on Windows, a random machine is, I suspect, more likely to have tcpdump on it than Wireshark. Several UN*Xes (*BSD, Mac OS X) come standard with tcpdump, and some other UN*Xes (at least some Linux distributions) include packages for both and *might* install tcpdump but not Wireshark by default. (On Windows, you'd have to download and install Wireshark *or* WinDump.)
> Is there any solution for long packet capture with the Wireshark package?
To quote my earlier message:
> The way to avoid that issue is not to use Wireshark or TShark to do long-running captures, and to use dumpcap instead.
dumpcap *is* part of the Wireshark package (it's what Wireshark and TShark run in order to do capturing).
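
An added example, not part of the original message: one way to run dumpcap for a long capture, using its ring-buffer options (`-b filesize:`, `-b files:`) so disk use stays bounded. The interface name, output path, sizes and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed example: wrap dumpcap's ring buffer for a long-running capture.
# Interface, output path and sizes are assumptions, not values from the thread.

is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Upper bound on disk used by the ring, in kB: FILES * FILESIZE_KB.
ring_budget_kb() {
    is_uint "$1" && is_uint "$2" || return 2
    echo $(( $1 * $2 ))
}

# Free space in kB on the filesystem that holds directory $1.
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Print the dumpcap command line for IFACE OUTFILE FILES FILESIZE_KB.
# -b filesize:N switches to a new file after N kB;
# -b files:N makes the files a ring, reusing the oldest after N files.
dumpcap_ring_cmd() {
    is_uint "$3" && is_uint "$4" && [ "$3" -gt 0 ] && [ "$4" -gt 0 ] || {
        echo "FILES and FILESIZE_KB must be positive integers" >&2
        return 2
    }
    printf 'dumpcap -i %s -b filesize:%s -b files:%s -w %s\n' "$1" "$4" "$3" "$2"
}

# Start the capture only if the whole ring fits in the target directory.
start_capture() {
    cmd=$(dumpcap_ring_cmd "$1" "$2" "$3" "$4") || return 2
    budget=$(ring_budget_kb "$3" "$4") || return 2
    avail=$(free_kb "$(dirname "$2")")
    is_uint "$avail" || { echo "cannot read free space" >&2; return 1; }
    if [ "$avail" -lt "$budget" ]; then
        echo "ring needs ${budget} kB, only ${avail} kB free" >&2
        return 1
    fi
    echo "starting: $cmd" >&2
    exec dumpcap -i "$1" -b "filesize:$4" -b "files:$3" -w "$2"
}

# Usage (20 files of 102400 kB each, about 2 GB in total):
# start_capture eth0 /var/tmp/cap/long.pcapng 20 102400
```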