This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark continuous run

0

Hi guys,

Any help will be useful here. I'm able to understand the camel flow; however, I still need to understand whether I can use tshark continuously reading from the network card. There are 2 questions here:

1) Will tshark die after some time due to memory problems? Although I read a few topics here that said for some users tshark ran for months, especially on TCAP and CAMEL protocols, because tshark doesn't create any maps in memory for these protocols.

2) Will tshark be fast enough to read all packets from network card? There will be very high traffic on my application server because all call data for the operator are mirrored on this server.

I'm using the following command to capture data; with an input file (-r) it's too slow, so I'm worried about the performance when using it with an Ethernet card.

tshark -Tpdml -Y "camel.InitialDPArg || (camel.EventReportBCSMArg && (camel.eventTypeBCSM==4||camel.eventTypeBCSM==5))" -r "\home\usr0121\hcm.dump"

asked 03 Aug '15, 06:36


Karan Grover
6223
accept rate: 0%

Is there a particular reason why you have chosen pdml as the format to print to the screen? I only ask because it might be that your terminal is having a difficult time keeping up with the large amount of text printed to the screen for each packet/frame you receive, as there is a lot of output per packet/frame with pdml.

(03 Aug '15, 13:50) greenfreq

You are right, there is a lot of data, but I redirect all of this to my Java program tshark...... | java .... and I have chosen pdml because it's easier for Java code to parse it.

(03 Aug '15, 19:56) Karan Grover
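
The comments above describe piping tshark's PDML output into a separate parser. The sketch below is an added example, not code from the thread, showing how such a consumer can read the stream incrementally so that only one packet is held in memory at a time. It is written in Python rather than the poster's Java; the function names and the PDML sample are constructed for illustration, with field names taken from the display filter in the question.

```python
import io
import xml.etree.ElementTree as ET

# Constructed PDML (not real capture output); field names come from the
# display filter in the question.
SAMPLE_PDML = b"""<?xml version="1.0"?>
<pdml>
<packet>
  <proto name="geninfo"><field name="num" show="1"/></proto>
  <proto name="camel"><field name="camel.InitialDPArg" show="InitialDPArg"/></proto>
</packet>
<packet>
  <proto name="geninfo"><field name="num" show="2"/></proto>
  <proto name="camel">
    <field name="camel.EventReportBCSMArg" show="EventReportBCSMArg">
      <field name="camel.eventTypeBCSM" show="4"/>
    </field>
  </proto>
</packet>
</pdml>
"""

def iter_packets(lines, prefix="camel."):
    """Yield {field name: [show values]} per <packet>, one packet in memory at a time."""
    parser = ET.XMLPullParser(events=("start", "end"))
    root = None
    for line in lines:                      # feed the pipe line by line
        parser.feed(line)
        for event, elem in parser.read_events():
            if root is None:                # first event is the <pdml> start tag
                root = elem
            elif event == "end" and elem.tag == "packet":
                fields = {}
                for f in elem.iter("field"):
                    name = f.get("name", "")
                    if name == "num" or name.startswith(prefix):
                        fields.setdefault(name, []).append(f.get("show", ""))
                yield fields
                root.clear()                # drop the finished packet from the tree

def parse_sample():
    """Run the parser over the constructed sample."""
    return list(iter_packets(io.BytesIO(SAMPLE_PDML)))

if __name__ == "__main__":
    # For a live pipe, pass sys.stdin.buffer to iter_packets instead of the sample.
    for record in parse_sample():
        print(record)
```

Without the `root.clear()` call, every parsed packet stays attached to the `<pdml>` root and the consumer's memory grows for as long as the capture runs.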