Home page logo
/

wireshark logo Wireshark mailing list archives

Re: Memory consumption in tshark
From: Evan Huus <eapache () gmail com>
Date: Wed, 28 Aug 2013 09:41:02 -0400

On Wed, Aug 28, 2013 at 9:31 AM, Dario Lombardo <dario.lombardo.ml () gmail com
wrote:




On Wed, Aug 28, 2013 at 1:29 PM, Evan Huus <eapache () gmail com> wrote:

It's dependant on platform and setup, but I'll assume a from-source build
on Linux. In theory all you have to do is prefix your normal command with
"libtool --mode=execute valgrind --tool=massif" and then the usual ./tshark
etc.

Valgrind takes a bunch more memory though, so you'll almost certainly
want to use editcap to split the capture, and then run this on just a
subset.

It will produce an output file massif.out.PID which you can pass to the
ms_print command for human-readable output. That output would be useful to
us.


I'm attaching the output. I've run it on a 1GB pcap file.


Thanks, though I'm afraid I forgot something :(
We usually use the ./tools/valgrind-wireshark.sh script which sets a couple
of environment variables to make the output more useful. I didn't mention
it, because the helper script doesn't currently support extra flags (like
the -Y and -w) you used. If you could set the following environment
variables and run again, that would be appreciated:
export WIRESHARK_DEBUG_EP_NO_CHUNKS=
export WIRESHARK_DEBUG_SE_NO_CHUNKS=
export WIRESHARK_DEBUG_WMEM_OVERRIDE=simple
export G_SLICE=always-malloc

Alternatively, you could just run "./tools/valgrind-wireshark.sh -m
capture.pcap". It will take care of all of the environment stuff, and the
libtool prefix etc, but it won't run with the -w or -Y flags. I expect the
output to be more-or-less the same, but I'm not sure of that.

Thanks again,
Evan

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]