tcp lua wireshark wireshark-dissector

Wireshark: how to force dropping packets with Lua?


I am facing an issue when sniffing on the loopback interface while using a JTAG debug probe, which uses a TCP socket. It completely floods the loopback and freezes Wireshark after a few seconds.

As a workaround, I have made a dummy Lua dissector for this case (redlink-server protocol). Wireshark is no longer freezing, but it produces like 8Gb of packets in a few minutes... (the plugin consists of an empty dissector function, and registers this dissector for TCP port 3490)

Is there a simple way to delete those packets from the dump file so as not to overflow my RAM?

Thanks in advance

Thomas.


Solution

  • You can apply a capture filter, not a display filter, to avoid capturing the traffic. In your case, the capture filter to exclude the unwanted traffic would be not tcp port 3490.

    Refer to pcap-filter for more information on capture filters, as well as the Wireshark User Guide, Section 4.10. Filtering while capturing.
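
The capture filter above keeps the traffic out of a new capture. For a dump file that has already been written, the same predicate can be applied offline; the following is an added example (not part of the original answer) that goes beyond it by streaming a classic pcap file and skipping every TCP packet to or from port 3490. The names `tcp_ports`, `drop_port` and `sample_pcap` are hypothetical, and the code assumes classic pcap (not pcapng), Ethernet, BSD-loopback or Linux cooked link types, and no IPv6 extension headers.

```python
import struct

L2_LEN = {0: 4, 1: 14, 113: 16}  # header bytes for DLT_NULL, DLT_EN10MB, DLT_LINUX_SLL
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # little-endian (us, ns)
         b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # big-endian (us, ns)

def tcp_ports(ip):
    """Return (src, dst) TCP ports of a raw IPv4/IPv6 packet, or None if not TCP."""
    if len(ip) < 20:
        return None
    if ip[0] >> 4 == 4 and ip[9] == 6:
        if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
            return None  # later fragment: carries no TCP header
        l4 = ip[(ip[0] & 0x0F) * 4:]
    elif ip[0] >> 4 == 6 and ip[6] == 6:
        l4 = ip[40:]  # assumption: no IPv6 extension headers
    else:
        return None
    return struct.unpack("!HH", l4[:4]) if len(l4) >= 4 else None

def drop_port(src, dst, port=3490):  # 3490: the TCP port named in the question
    """Copy classic pcap src to dst minus TCP packets on `port`; return count dropped."""
    header = src.read(24)
    endian = MAGIC.get(header[:4])
    if endian is None or len(header) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    l2 = L2_LEN.get(struct.unpack(endian + "I", header[20:24])[0])
    if l2 is None:
        raise ValueError("unsupported link type")
    dst.write(header)
    dropped = 0
    while len(rec := src.read(16)) == 16:  # per-packet record header
        frame = src.read(struct.unpack(endian + "I", rec[8:12])[0])
        ports = tcp_ports(frame[l2:])
        if ports and port in ports:
            dropped += 1
        else:
            dst.write(rec + frame)
    return dropped

def sample_pcap(port_pairs):
    """Constructed input: one Ethernet/IPv4/TCP SYN frame per (sport, dport) pair."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sport, dport in port_pairs:
        ip = struct.pack("!BBHHHBBHII", 0x45, 0, 40, 0, 0, 64, 6, 0, 0x7F000001, 0x7F000001)
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 2, 1024, 0, 0)
        frame = bytes(12) + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

Because `drop_port` reads one record at a time from binary file objects, it can be pointed at two files opened with `open(..., "rb")` and `open(..., "wb")` without loading the whole dump into memory.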