Wireshark-users: Re: [Wireshark-users] tshark vs dumpcap

From: Shawn T Carroll <shawnthomascarroll@xxxxxxxxx>
Date: Sun, 30 Oct 2011 07:57:59 -0700 (PDT)
Hi Stuart, I have heard (but not seen myself) that dumpcap has the lowest possibility for bugs or security holes, because it is purely for saving packet captures, and doesn't have code to parse/filter as do tshark, tcpdump, or wireshark. So I have heard it's a good choice for security reasons or for stability for long-term capture; not sure about performance. Good question, I'm curious to see what others say.

Shawn


From: Stuart Kendrick <skendric@xxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Sunday, October 30, 2011 9:23 AM
Subject: [Wireshark-users] tshark vs dumpcap

Is there any performance advantage to using dumpcap over tshark, for
pure packet capture?  [Less chance of dropping frames perhaps?]

--sk

Stuart Kendrick
FHCRC
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users