Re: how to handle big files in wireshark

[Guy Harris <guy () alum mit edu>]

On Jul 9, 2010, at 4:36 PM, Bryan Hoyt | Brush Technology wrote:

> I'm not an expert here, but isn't it possible to reduce the amount of memory used by disabling all the protocols that 
> you don't use (or even the ones you do use, if you can live without them)?
>
> I think a lot of the memory usage comes from the specific protocols, not just the wireshark core.

A lot of the memory usage, at least when I last checked, came from the fact that all (with the old packet list widget) 
or many (with the new packet list widget) of the columns require that memory be allocated for the contents of the 
column for each of the packets; with a lot of packets that's a lot of strings.

Disabling protocols won't help much there, unless the disabled protocols generate longer strings then the still-enabled 
protocols that call them.

More memory probably comes from reassembled packets; if some protocol that appears in the capture does reassembly, and 
you disable that protocol, that might reduce memory usage.  If that protocol supports disabling reassembly, that might 
also help.

Disabling protocols that don't appear in any of the packets in the capture won't do anything.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe