Hi All, 1) How to reduce the TSHARK processing time when PCAP file size is more? 2) how to use the "Memory mapped file" with tshark command? Thanks in advancce. Regards, Swathi. asked 13 Mar '16, 22:33  swathi jakkam edited 13 Mar '16, 23:08  Jim Aragon |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
"how to use the "Memory mapped file" with tshark command?" What do you mean by "use the memory mapped file"? TShark and Wireshark don't memory-map the file they read, they just do regular file read operations on it; when capturing traffic, it might memory-map the buffer(s) into which the kernel deposits packets, if both the version of libpcap used and the underlying OS support it (which, for now, means "on Linux with newer libpcap and possibly on FreeBSD with newer libpcap and nowhere else).