Re: libwireshark for continuous capture?

[Guy Harris <guy () alum mit edu>]

On Jun 5, 2014, at 11:34 AM, Javi Gallart <jgallart () bts io> wrote:

> I started this thread some months ago : http://www.wireshark.org/lists/wireshark-users/201310/msg00001.html. 
> According to it, usage of Lua scripts is not suitable for continuous packet capture, dumpcap is recommended for that. 
> Does the same hold for a C application that captures network data and used libwireshark (as nextexpect does) for 
> packet dissection?

Yes - the Lua support isn't the only part of the Wireshark dissection engine that allocates persistent data structures.

(Note that even *tcpdump*, if you're capturing-and-printing rather than capturing-and-writing-to-a-file, will, by 
default, allocate persistent data structures to, for example, print relative sequence numbers for TCP.)
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe