Wireshark · Wireshark-users: Re: [Wireshark-users] Will capturing packets with tcpdump/tshark affect traffic processing?

Wireshark-users: Re: [Wireshark-users] Will capturing packets with tcpdump/tshark affect traffic

Date: Tue, 9 Aug 2016 16:39:45 +0000 (UTC)

> Unfortunately, there's not much you can do about it, other than:
>
> 1) using a capture filter to capture *only* the traffic you're interested in;
>
> 2) using a capture program that consumes as little CPU as possible - I'd recommend using tcpdump and >writing to a capture file with -w, and then looking at the file afterwards with Wireshark.

Thanks! A couple of follow-up questions.

1) Wouldn't using a capture filter add more load to the processing, since the capturing program now also has to decode the packets?

2) Does tcpdump use less CPU than tshark?

Follow-Ups:
- Re: [Wireshark-users] Will capturing packets with tcpdump/tshark affect traffic processing?
  - From: Guy Harris

References:
- [Wireshark-users] Will capturing packets with tcpdump/tshark affect traffic processing?
  - From: Rayne
- Re: [Wireshark-users] Will capturing packets with tcpdump/tshark affect traffic processing?
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] Will capturing packets with tcpdump/tshark affect traffic processing?
Next by Date: Re: [Wireshark-users] Will capturing packets with tcpdump/tshark affect traffic processing?
Previous by thread: Re: [Wireshark-users] Will capturing packets with tcpdump/tshark affect traffic processing?
Next by thread: Re: [Wireshark-users] Will capturing packets with tcpdump/tshark affect traffic processing?
Index(es):
- Date
- Thread