Re: [Wireshark-dev] PDML export on big capture files

2008-02-29 Thread Edouard Funke
I ran a test with and without options on a 600Mo capture file: the result is the same, tshark takes 400Mo of memory. Is it normal ? On Fri, Feb 29, 2008 at 12:31 PM, Edouard Funke <[EMAIL PROTECTED]> wrote: > Thanks for all the information, i will try these options and see if > there is no more m

Re: [Wireshark-dev] PDML export on big capture files

2008-02-29 Thread Edouard Funke
Thanks for all the information, i will try these options and see if there is no more memory problem. For now our plugins do not use reassembly but it is feature that we might want to implement soon. We might face the same problems then, a quick fix would be to split capture files but as we are try

Re: [Wireshark-dev] PDML export on big capture files

2008-02-29 Thread Guy Harris
Edouard Funke wrote: > The same issue happens with "normal" tcp trafic without any custom > plugin activated. > How can i deactivate reassembly in this case ? Try adding the command line flag -o tcp.desegment_tcp_streams:false which will turn off reassembly for protocols running over TCP

Re: [Wireshark-dev] PDML export on big capture files

2008-02-29 Thread Edouard Funke
The same issue happens with "normal" tcp trafic without any custom plugin activated. How can i deactivate reassembly in this case ? How different would be my output ? On Fri, Feb 29, 2008 at 11:19 AM, Guy Harris <[EMAIL PROTECTED]> wrote: > Edouard Funke wrote: > > The exact command i am using is

Re: [Wireshark-dev] PDML export on big capture files

2008-02-29 Thread Guy Harris
Edouard Funke wrote: > The exact command i am using is : > tshark -r my_big_capture_file -T pdml -V | myprogram > > It is tshark who is running out of memory (monitored). Could the pipe > have something to do with it ? No - TShark has no idea that its standard output is being piped to another pr

Re: [Wireshark-dev] PDML export on big capture files

2008-02-29 Thread Edouard Funke
The exact command i am using is : tshark -r my_big_capture_file -T pdml -V | myprogram It is tshark who is running out of memory (monitored). Could the pipe have something to do with it ? On Thu, Feb 28, 2008 at 7:12 PM, Guy Harris <[EMAIL PROTECTED]> wrote: > Edouard Funke wrote: > > > We are c

Re: [Wireshark-dev] PDML export on big capture files

2008-02-28 Thread Guy Harris
Edouard Funke wrote: > We are currently using wireshark PDML export functionnality (with > custom plugins) to export big capture files to be processed after. > We are constantly "hitting" the out of memory problem > (http://wiki.wireshark.org/KnownBugs/OutOfMemory) as wireshark keeps > information

[Wireshark-dev] PDML export on big capture files

2008-02-28 Thread Edouard Funke
Hello, We are currently using wireshark PDML export functionnality (with custom plugins) to export big capture files to be processed after. We are constantly "hitting" the out of memory problem (http://wiki.wireshark.org/KnownBugs/OutOfMemory) as wireshark keeps information on packet list and for