Wireshark-users: Re: [Wireshark-users] Which hardware
From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Sat, 9 Feb 2008 11:29:04 +1100
The OSX tests were on "similarly" specced hardware. I could obviously
not test how OSX Wireshark behaved/performed on the same physical
machine I tested with Windows.



On Sat, Feb 9, 2008 at 11:25 AM, ronnie sahlberg
<ronniesahlberg@xxxxxxxxx> wrote:
> Personal first hand experience.
>
>
>  I have tested this myself on several PCs and compared.  The same host,
>  the same capture file, the same preferences using the same SVN version
>  of wireshark
>  it ran 2+ times faster when booting into linux than w2k and w2k3.
>  Bear in mind,  the tests were all for semi large capture files in the
>  range 10-200MByte  and testing how long it takes to load a trace, how
>  long it takes to filter a trace, how long it takes to bring up the tcp
>  sequence number graph.
>  I think it was something like 5-6 different single and multi cpu systems.
>  (multiprocessing is a bit pointless with wireshark)
>
>  The purpose was to find which hw+sw config would perform the fastest for a
>  large group of users that would spend a significant amount of time
>  looking at and filtering and analyzing 100MB - 1GByte large capture
>  files. I don't care what systems the end users would end up using,
>  they just wanted to know :
>  "which hw+sw combination should we use to make analyzing/filtering of
>  large captures as fast as possible".
>
>
>  For small captures   the difference was smaller than for large
>  captures.  the larger the capture  the more dramatic the difference
>  was.
>  That is probably an effect of linux having vastly better memory
>  management than windows.
>
>
>  For what it's worth, comparing to "similar" specced hw platforms that
>  ran OSX,  OSX performed slightly worse than a similar linux setup on
>  small captures   but slightly better than linux for very large
>  captures.
>
>
>  ronnie s
>
>
>
>
>  On Sat, Feb 9, 2008 at 8:16 AM, Ulf Lamping <ulf.lamping@xxxxxx> wrote:
>  > ronnie sahlberg wrote:
>  >
>  > > Use a linux box to run wireshark on instead.
>  >  > It is cheaper than terminal servers and as a bonus    on the same
>  >  > hardware, processing the same capture files,   wireshark will run
>  >  > several times faster on linux than w2k3
>  >  >
>  >  Do you have any hard facts, or is this the usual Linux-FUD?
>  >
>  >  Regards, ULFL
>  >
>  >
>  >
>