> Unfortunately, there's not much you can do about it, other than:
>
> 1) using a capture filter to capture *only* the traffic you're interested in;
>
> 2) using a capture program that consumes as little CPU as possible - I'd recommend using tcpdump and >writing to a capture file with -w, and then looking at the file afterwards with Wireshark.
Thanks! A couple of follow-up questions.
1) Wouldn't using a capture filter add more load to the processing, since the capturing program now also has to decode the packets?
2) Does tcpdump use less CPU than tshark?