This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

I would just like to understand that TCPDUMP can capture full packets on 10G line rate? In the case of tshark, it is only able to capture packets uptp 100MB/S speed. TCPDUMP has also this kind of limits or it can capture full packets at line rate?

Thanks,

asked 24 Apr '15, 04:18

Aditi's gravatar image

Aditi
16446
accept rate: 0%


This performance question has nothing to do with the program you run, but everything with the platform you run it on. Stick tcpdump on a 6 MHz 80286 and you won't handle 100 Mb/s as well. Stick tshark on a screaming fast processor, with ultra high speed peripherals and unlimited memory it can easily tackle the problem.

So the question is what are your requirements? Pure capture and storage? or wire speed analysis as well? And if so, what needs to be analyzed? What program will give you the features you need? Can tcpdump do the job? Go for it. Need more detailed analysis? Maybe something else then. Need statistical analysis? Then you may need something else.

permanent link

answered 24 Apr '15, 05:23

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×549
×97
×22

question asked: 24 Apr '15, 04:18

question was seen: 2,022 times

last updated: 24 Apr '15, 05:23

p​o​w​e​r​e​d by O​S​Q​A