Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Wireshark Performance

From: Evan Huus <eapache () gmail com>
Date: Wed, 2 Dec 2015 11:11:06 -0500
My current hypothesis is commit 74541a9596eead6647c592de9aa46797c2dffa84
but I don't have any files to test with locally.

On Wed, Dec 2, 2015 at 10:36 AM, Pascal Quantin <pascal.quantin () gmail com>
wrote:




2015-12-02 16:31 GMT+01:00 Anders Broman <anders.broman () ericsson com>:


Hi,

I’m betting on this change J


https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=9e54fcee5224aef800155514cac5e40d9e38a23e



This change is also in master-2.0, so it cannot be the culprit.

Pascal.




*From:* wireshark-dev-bounces () wireshark org [mailto:
wireshark-dev-bounces () wireshark org] *On Behalf Of *Pascal Quantin
*Sent:* den 2 december 2015 16:26

*To:* Developer support list for Wireshark
*Subject:* Re: [Wireshark-dev] Wireshark Performance







2015-12-02 16:12 GMT+01:00 POZUELO Gloria (BCS/PSD) <
gloria.pozuelo () bics com>:

Where can I find that option?



On Windows, Ctrl + Shift + E, or in the menu Analyze -> Enabled
protocols. Unselect stun_udp.



*From:* wireshark-dev-bounces () wireshark org [mailto:
wireshark-dev-bounces () wireshark org] *On Behalf Of *Anders Broman
*Sent:* Wednesday 2 December 2015 16:08


*To:* Developer support list for Wireshark
*Subject:* Re: [Wireshark-dev] Wireshark Performance



Hi,

It’s probably deeper down, dissect_stun_heur has gone from 3.51 to 14.06.

@ Gloria can you try to turn the stun heuristic off to see if it makes a
difference?

Regards

Anders



*From:* wireshark-dev-bounces () wireshark org [
mailto:wireshark-dev-bounces () wireshark org
<wireshark-dev-bounces () wireshark org>] *On Behalf Of *Evan Huus
*Sent:* den 2 december 2015 16:02
*To:* Developer support list for Wireshark
*Subject:* Re: [Wireshark-dev] Wireshark Performance



The only recent change to conversation_match_exact was the conversion
from address macros to functions, but in all cases the macros were just
pointing to the functions anyways so I can't imagine that would have a huge
effect on performance?



On Wed, Dec 2, 2015 at 9:45 AM, Anders Broman <anders.broman () ericsson com>
wrote:





*From:* wireshark-dev-bounces () wireshark org [mailto:
wireshark-dev-bounces () wireshark org] *On Behalf Of *Anders Broman
*Sent:* den 2 december 2015 15:41
*To:* Developer support list for Wireshark; alexis.lagoutte () gmail com
*Subject:* Re: [Wireshark-dev] Wireshark Performance



Hi,

Running valgrind on my standard pcap we have gone from

==36946== Callgrind, a call-graph generating cache profiler

==36946== Copyright (C) 2002-2013, and GNU GPL'd, by Josef Weidendorfer
et al.

==36946== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for
copyright info

==36946== Command: /home/ericsson/wireshark/.libs/lt-tshark -Y frame -nr
/home/ericsson/etxrab/TCT_SIP_traffic.pcapng

==36946==

==36946== For interactive control, run 'callgrind_control -h'.

==36946==

==36946== Events    : Ir

==36946== Collected : 18211043816

==36946==

==36946== I   refs:      18,211,043,816



to



==4865==

==4865== Events    : Ir

==4865== Collected : 1595333469530

==4865==

==4865== I   refs:      1,595,333,469,530



The big difference seems to be



Latest                                                              June

87.95  37.92 6 076 548  g_hastable_lookup  5.56 2.98 6 515 523



Looking deeper

49.43 25 142 686 213 conversation_match_exact 0.32 576 548



decode_udp_ports seems much more expensive



Regards

Anders





*From:* wireshark-dev-bounces () wireshark org [
mailto:wireshark-dev-bounces () wireshark org
<wireshark-dev-bounces () wireshark org>] *On Behalf Of *POZUELO Gloria
(BCS/PSD)
*Sent:* den 2 december 2015 14:01
*To:* Developer support list for Wireshark; alexis.lagoutte () gmail com
*Subject:* Re: [Wireshark-dev] Wireshark Performance



I’ve been testing the performance a little more and it seems that the
loading time has increased not only for GTP protocol. I have sniffed a pcap
composed by 22844 packets and if you open it up with both versions, v2.0
lasts 0.520s and v2.1 lasts 1.433s. But as you saw before for GTP protocol
is even worse, I’ll try to get a pcap example that I can share.



Regards.



*From:* wireshark-dev-bounces () wireshark org [
mailto:wireshark-dev-bounces () wireshark org
<wireshark-dev-bounces () wireshark org>] *On Behalf Of *POZUELO Gloria
(BCS/PSD)
*Sent:* Wednesday 2 December 2015 09:13
*To:* alexis.lagoutte () gmail com; Developer support list for Wireshark
*Subject:* Re: [Wireshark-dev] Wireshark Performance



I can’t share this one, because it has user data and it’s confidential,
but we are going to generate another one that can be share. We are using
GTP protocol, if that gives you a clue.



*From:* wireshark-dev-bounces () wireshark org [
mailto:wireshark-dev-bounces () wireshark org
<wireshark-dev-bounces () wireshark org>] *On Behalf Of *Alexis La Goutte
*Sent:* Wednesday 2 December 2015 09:08
*To:* Developer support list for Wireshark
*Subject:* Re: [Wireshark-dev] Wireshark Performance



You can directly add the text output of load time...

It is possible to share your pcap ?



On Wed, Dec 2, 2015 at 9:04 AM, POZUELO Gloria (BCS/PSD) <
gloria.pozuelo () bics com> wrote:

I attach the screen captures better.



*From:* wireshark-dev-bounces () wireshark org [mailto:
wireshark-dev-bounces () wireshark org] *On Behalf Of *POZUELO Gloria
(BCS/PSD)
*Sent:* Wednesday 2 December 2015 08:53
*To:* Developer support list for Wireshark
*Subject:* [Wireshark-dev] Wireshark Performance



Hello,

Here is the loading time difference between the v2.0 and the last
automated build for win64 Wireshark-win64-2.1.0-875-g9779ae3.exe
<https://www.wireshark.org/download/automated/win64/Wireshark-win64-2.1.0-875-g9779ae3.exe>

[image: Imágenes integradas 2][image: Imágenes integradas 1]

Regards.


------------------------------


**** DISCLAIMER****
http://www.bics.com/maildisclaimer/



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe





___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe





___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe




___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe




___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: