250MB capture file which takes 35 minutes to open

performance

asked 2021-02-09 18:50:22 +0000

I have a 250 MB pcap file with 170,000 frames, which takes 35 minutes to open with Wireshark 2.4.2 on my VDI. This file comes from Riverbed ARX. In environment where it was captured I can only access Wireshark 1.14, which opens this file in 5 seconds.

So, you might think that there is a problem with my VDI or my Wireshark 2.4.2 install. Well, I have other large files (e.g. 1.8 GB with more than 300,000 frames) which I can open in 25 seconds on VDI with Wireshark 2.4.2.

Any suggestions on how I can investigate and fix this issue?

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2021-02-09 20:31:37 +0000

Jaap

13730 ●684 ●115

This is probably caused by the amount of state which is being tracked across the packets when dissecting them during the load. What you can do is change the preferences of the dissectors involved to limit the amount of state being collected, such as reassembly, timestamp analysis, etc. Of course this requires some insight in the kind of traffic involved.

edit flag offensive delete link

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2021-02-09 18:50:22 +0000

Seen: 367 times

Last updated: Feb 09 '21

250MB capture file which takes 35 minutes to open edit

1 Answer