Re: slow when loading big pcaps

[Guy Harris <guy () alum mit edu>]

On Oct 20, 2010, at 3:42 AM, cco wrote:

> why is wireshark so slow when loading up >500 MB pcaps?

Are you saying that the time taken to read a file, as a function of the size of the file, is discontinuous, with a jump 
at about 500 MB?

If so, it might be that the memory used by Wireshark for the file (per-packet data structures, reassembled packets, 
text for columns that aren't generated on the fly, etc.) becomes large enough that your machine starts paging.

> is there any configuration trick to speed this up?

If you're paging:

Make sure you're running Wireshark 1.4.0 or later - *no* columns can have their text generated on the fly in earlier 
releases, but some can in 1.4.0.

Turning off packet reassembly for various protocols *might* help as well.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe