Wireshark mailing list archives

TCP reassembly slow

From: Simon Barber <simon.barber () meraki net>
Date: Fri, 24 Mar 2017 16:11:39 -0700

When loading a large file (0.5M packets) with a large single TCP stream in
it, wireshark gets very slow. I did some profiling and found 90% of the CPU
time was spent in epan/reassemble.c LINK_FRAG() - scanning through a long
singly linked list and adding to the end of it.

As a work around I disabled 'allow subdissector to reassemble TCP streams'
in the TCP protocol preferences. This makes loading this file much faster.

Simon

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

TCP reassembly slow Simon Barber (Mar 24)
- Re: TCP reassembly slow Guy Harris (Mar 24)