Tuesday, 25 April 2006

Ethereal 1.0 Looms

Thanks to Anthony Spina for pointing out that Ethereal 0.99 was released yesterday. Jumping from 0.10.14 in late December to 0.99 now indicates to me that 1.0 will finally appear any day now.

The release notes mention a new tool -- dumpcap. Dumpcap is a pure packet capture application, unlike Tcpdump or Tethereal. Those two programs are also protocol analyzers, and at least in the case of Tethereal that means larger memory footprints. I tried the Windows version of Dumpcap.

First, let's see the options Dumpcap offers, and start it.



Notice that Dumpcap is a simple capture application, but it also has the ring buffer support I love in Tethereal. Nice work.

Here is Dumpcap's memory allocation on Windows during the preceding capture.



Here are Tethereal's options.



I start Tethereal using syntax similar to Dumpcap. Note Tethereal supports disabling name resolution with -n, while Dumpcap offers no name resolution options.


tethereal -n -i 3 -c 10 -w d:\tmp\tethereal1.lpc

Here is Tethereal's memory allocation on Windows during the preceding capture.



As you can see, Tethereal's memory footprint is five times that of Dumpcap.

I look forward to trying Dumpcap on FreeBSD.
