Hi all,
Please forgive my English. I was thinking of using TShark as some kind of "trouble detector". I'm interested in a very specific traffic pattern that could occur a few times per hour. So, my plan was to leave TShark running forever with the correct capture and display filters and the -T -E options, and, when the pattern shows up, send an alarm with another application. Sounds great... but when I started my testing, I got a lot of:
Unhandled exception (group=1, code=6)
After reading a little, I found this (terrible news!):
http://wiki.wireshark.org/KnownBugs/OutOfMemory
But the page says:
While capturing: If you're not doing an "Update list of packets in real
time" capture, it shouldn't consume memory as it captures - although it
*will* consume memory when you stop the capture and it reads it in, so
that ultimately won't help.
Well, that will work for me! Now, some questions. Is this the same as the -T option? If it is not, how do I set this option in TShark? I need the pattern decoded as text, so I can regex it. Can I somehow get TShark to just "pop" the text from the packets without any memory consumption for whatever future correlation that I don't need?