I would just like to understand whether TCPDUMP can capture full packets at 10G line rate. In the case of tshark, it is only able to capture packets up to 100MB/S speed. Does TCPDUMP also have this kind of limit, or can it capture full packets at line rate?
asked 24 Apr '15, 04:18
This performance question has nothing to do with the program you run, but everything to do with the platform you run it on. Stick tcpdump on a 6 MHz 80286 and you won't handle 100 Mb/s as well. Stick tshark on a screaming fast processor, with ultra high speed peripherals and unlimited memory, and it can easily tackle the problem.
So the question is: what are your requirements? Pure capture and storage? Or wire speed analysis as well? And if so, what needs to be analyzed? What program will give you the features you need? Can tcpdump do the job? Go for it. Need more detailed analysis? Maybe something else then. Need statistical analysis? Then you may need something else.
answered 24 Apr '15, 05:23