Wireshark-users: Re: [Wireshark-users] Performance with large capture files
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxx>
Date: Mon, 10 Sep 2018 16:24:30 +0000

TraceWrangler[1] is a very good free tool for slicing and dicing packet flows, allowing one to work with smaller capture files when analyzing particular flows. The Wireshark Tools wiki page[2] lists TraceWrangler along with many other tools that may be of interest to you.

I also use Riverbed’s Packet Analyzer product[3] (not free) for analyzing large files and being able to drill down to a smaller subset of packets that can then be loaded into Wireshark for deeper analysis. You might want to test drive it with a free trial to see if it meets your needs. There are other analyzers besides Wireshark that you could try as well (such as Microsoft’s Message Analyzer[4]), but I don’t know how well any others would work, so you might have to conduct your own benchmarks.

- Chris

[1]: https://www.tracewrangler.com/

[2]: https://wiki.wireshark.org/Tools

[3]: https://www.riverbed.com/products/steelcentral/steelcentral-packet-analyzer-personal-edition.html

[4]: https://www.microsoft.com/en-us/download/details.aspx?id=44226

From: Wireshark-users [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Deny IP Any Any
Sent: Saturday, September 8, 2018 1:02 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Performance with large capture files

Anyone have tips on things to make working with large (3GB filesize, 4.5m packets) capture files better? CPU/Memory/Disk are not maxed in resmon but it takes fooooorever to do many common tasks in the UI. Using current version Wireshark on a modern gaming Win10 computer.

I know smaller files are easier but sometimes you don't have an option.

--

deny ip any any (4395643193 matches)
