Wireshark mailing list archives

Re: Wireshark Performance


From: "POZUELO Gloria (BCS/PSD)" <gloria.pozuelo () bics com>
Date: Wed, 2 Dec 2015 15:31:28 +0000

Ok, the results seem to be the same
- v2.0:  0.458s.
- v2.1: 7.361s

From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Pascal Quantin
Sent: Wednesday 2 December 2015 16:26
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Wireshark Performance



2015-12-02 16:12 GMT+01:00 POZUELO Gloria (BCS/PSD) <gloria.pozuelo () bics com>:
Where can I find that option?

On Windows, Ctrl + Shift + E, or in the menu Analyze -> Enabled protocols. Unselect stun_udp.

From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Anders Broman
Sent: Wednesday 2 December 2015 16:08

To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Wireshark Performance

Hi,
It’s probably deeper down, dissect_stun_heur has gone from 3.51 to 14.06.
@ Gloria can you try to turn the stun heuristic off to see if it makes a difference?
Regards
Anders

From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Evan Huus
Sent: 2 December 2015 16:02
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Wireshark Performance

The only recent change to conversation_match_exact was the conversion from address macros to functions, but in all 
cases the macros were just pointing to the functions anyways so I can't imagine that would have a huge effect on 
performance?

On Wed, Dec 2, 2015 at 9:45 AM, Anders Broman <anders.broman () ericsson com> wrote:


From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Anders Broman
Sent: 2 December 2015 15:41
To: Developer support list for Wireshark; alexis.lagoutte () gmail com
Subject: Re: [Wireshark-dev] Wireshark Performance

Hi,
Running valgrind on my standard pcap we have gone from
==36946== Callgrind, a call-graph generating cache profiler
==36946== Copyright (C) 2002-2013, and GNU GPL'd, by Josef Weidendorfer et al.
==36946== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==36946== Command: /home/ericsson/wireshark/.libs/lt-tshark -Y frame -nr /home/ericsson/etxrab/TCT_SIP_traffic.pcapng
==36946==
==36946== For interactive control, run 'callgrind_control -h'.
==36946==
==36946== Events    : Ir
==36946== Collected : 18211043816
==36946==
==36946== I   refs:      18,211,043,816

to

==4865==
==4865== Events    : Ir
==4865== Collected : 1595333469530
==4865==
==4865== I   refs:      1,595,333,469,530

The big difference seems to be

Latest                                        June
87.95  37.92  6 076 548  g_hash_table_lookup  5.56  2.98  6 515 523

Looking deeper
49.43 25 142 686 213 conversation_match_exact 0.32 576 548

decode_udp_ports seems much more expensive

Regards
Anders


From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of POZUELO Gloria (BCS/PSD)
Sent: 2 December 2015 14:01
To: Developer support list for Wireshark; alexis.lagoutte () gmail com
Subject: Re: [Wireshark-dev] Wireshark Performance

I’ve been testing the performance a little more and it seems that the loading time has increased not only for the GTP 
protocol. I have sniffed a pcap composed of 22844 packets and if you open it up with both versions, v2.0 takes 0.520s 
and v2.1 takes 1.433s. But as you saw before, for the GTP protocol it is even worse. I’ll try to get a pcap example that I can 
share.

Regards.

From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of POZUELO Gloria (BCS/PSD)
Sent: Wednesday 2 December 2015 09:13
To: alexis.lagoutte () gmail com; Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Wireshark Performance

I can’t share this one, because it has user data and it’s confidential, but we are going to generate another one that 
can be shared. We are using the GTP protocol, if that gives you a clue.

From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Alexis La Goutte
Sent: Wednesday 2 December 2015 09:08
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Wireshark Performance

You can directly add the text output of load time...
Is it possible to share your pcap?

On Wed, Dec 2, 2015 at 9:04 AM, POZUELO Gloria (BCS/PSD) <gloria.pozuelo () bics com> wrote:
I attach the screen captures better.

From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of POZUELO Gloria (BCS/PSD)
Sent: Wednesday 2 December 2015 08:53
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Wireshark Performance

Hello,
Here is the loading time difference between the v2.0 and the last automated build for win64 
Wireshark-win64-2.1.0-875-g9779ae3.exe<https://www.wireshark.org/download/automated/win64/Wireshark-win64-2.1.0-875-g9779ae3.exe>
[Embedded image 2][Embedded image 1]
Regards.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

