Wireshark-bugs: [Wireshark-bugs] [Bug 6755] slow loading/processing of conversations with over 5
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6755
--- Comment #3 from Cristian Constantin <const.crist@xxxxxxxxxxxxxx> 2012-01-26 12:27:34 PST ---
(In reply to comment #2)
> (I haven't actually looked at the code ....)
cristian: no one seems to be interested in this.
I had a look at wiki, under:
http://wiki.wireshark.org/Performance
which says:
"Working with large capture files
If you have a large capture file e.g. > 100MB, Wireshark will become slow while
loading, filtering and alike actions.
There are some things you can do, but unfortunately this will remove some
decoding comfort:
Disable Coloring Rules: this will significantly increase performance. To
disable these rules, use View->Colorize Packet List. You could also delete all
coloring rules or rename the coloring rules file.
Disable Network Layer (hostname) DNS lookups under View->Name Resolution can
help speed things up
On MacOS X, disabling Transport Layer lookups under View->Name Resolution can
help speed things up.
Disabling some preference settings may save you a lot of memory consumption. Be
aware that these features are probably required to detect the packets properly
that you want to capture. So maybe you miss packets that are missinterpreted.
You can check if that's the case, by loading a capture file, setting a display
filter of the packet types in question and see if the number of displayed
packets are the same with and without these settings. You may need to reload
the file after changing the settings (and don't forget to press the "Save"
button :-).
Some good preference setting candidates:
IP/Reassembled fragmented IP datagrams
TCP/Allow subdissectors to reassemble TCP streams"
imo applying this patch (or an improved version of it) would help a _lot_ in
case of large files.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
