Wireshark mailing list archives

Re: Performance with large capture files


From: "Maynard, Chris" <Christopher.Maynard () IGT com>
Date: Mon, 10 Sep 2018 16:24:30 +0000

TraceWrangler[1] is a very good free tool for slicing and dicing packet flows, allowing one to work with smaller 
capture files when analyzing particular flows.  The Wireshark Tools wiki page[2] lists TraceWrangler along with many 
other tools that may be of interest to you.

I also use Riverbed’s Packet Analyzer product[3] (not free) for analyzing large files and being able to drill down to a 
smaller subset of packets that can then be loaded into Wireshark for deeper analysis.  You might want to test drive it 
with a free trial to see if it meets your needs.  There are other analyzers besides Wireshark that you could try as 
well (such as Microsoft’s Message Analyzer[4]), but I don’t know how well any others would work, so you might have to 
conduct your own benchmarks.

- Chris
[1]: https://www.tracewrangler.com/
[2]: https://wiki.wireshark.org/Tools
[3]: https://www.riverbed.com/products/steelcentral/steelcentral-packet-analyzer-personal-edition.html
[4]: https://www.microsoft.com/en-us/download/details.aspx?id=44226


From: Wireshark-users [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Deny IP Any Any
Sent: Saturday, September 8, 2018 1:02 PM
To: wireshark-users () wireshark org
Subject: [Wireshark-users] Performance with large capture files

Anyone have tips on things to make working with large (3GB filesize, 4.5m packets) capture files better? 
CPU/Memory/Disk are not maxed in resmon but it takes fooooorever to do many common tasks in the UI. Using current 
version Wireshark on a modern gaming Win10 computer.

I know smaller files are easier but sometimes you don't have an option.

--
deny ip any any (4395643193 matches)