Re: [Wireshark-dev] slow when loading big pcaps

On Oct 20, 2010, at 3:42 AM, cco wrote:

> why is wireshark so slow when loading up >500 MB pcaps?

Are you saying that the time taken to read a file, as a function of the size of the file, is discontinuous, with a jump at about 500 MB?

If so, it might be that the memory used by Wireshark for the file (per-packet data structures, reassembled packets, text for columns that aren't generated on the fly, etc.) becomes large enough that your machine starts paging.

> is there any configuration trick to speed this up?

If you're paging:

Make sure you're running Wireshark 1.4.0 or later - *no* columns can have their text generated on the fly in earlier releases, but some can in 1.4.0.

Turning off packet reassembly for various protocols *might* help as well.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe

• This message: [ Message body ]
• Next message: buildbot-no-reply_at_nospam: "[Wireshark-dev] buildbot failure in Wireshark (development) on Windows-7-x64"
• Previous message: Graham Bloice: "Re: [Wireshark-dev] GTK 2.22 requires zlib 1.2.5(Windows)"
• In reply to: cco: "[Wireshark-dev] slow when loading big pcaps"
• Next in thread: cco: "Re: [Wireshark-dev] slow when loading big pcaps"
• Reply: cco: "Re: [Wireshark-dev] slow when loading big pcaps"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]