The release notes mention a new tool -- dumpcap. Dumpcap is a pure packet capture application, unlike Tcpdump or Tethereal. Those two programs are also protocol analyzers, and at least in the case of Tethereal that means larger memory footprints. I tried the Windows version of Dumpcap.
First, let's see the options Dumpcap offers, and start it.
Notice that Dumpcap is a simple capture application, but it also supports the ring buffer support I love in Tethereal. Nice work.
Here is Dumpcap's memory allocation on Windows during the preceeding capture.
Here are Tethereal's options.
I start Tethereal using syntax similar to Dumpcap. Note Tethereal supports disabling name resolution with -n, while Dumpcap offers no name resolution options.
tethereal -n -i 3 -c 10 -w d:\tmp\tethereal1.lpc
Here is Tethereal's memory allocation on Windows during the preceeding capture.
As you can see, Tethereal's memory footprint is five times that of Dumpcap.
I look forward to trying Dumpcap on FreeBSD.
Tidak ada komentar:
Posting Komentar