WS is non-responsive when capturing many packets
When starting a capture (no filter) with a lot of traffic - after few tens of seconds WS becomes non-responsive - even stopping the capture takes long time. Is this normal and to expect?
I assume it is due to the large volume of data and fair enough. But never the less it is a bit annoying. Are there tricks to tame it before it grinds to a halt except stopping manually after few 10 seconds?
Thanks for hints.
Version inf:
3.4.3 (v3.4.3-0-g6ae6cd335aa9)
Compiled (64-bit) with Qt 5.15.1, with libpcap, with GLib 2.52.3, with zlib
1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4, with GnuTLS 3.6.3
and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB
resolver, with nghttp2 1.39.2, with brotli, with LZ4, with Zstandard, with
Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic updates using
WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled resampler), with
Minizip.
Running on 64-bit Windows 10 (1803), build 17134, with Intel(R) Core(TM)
i7-8750H CPU @ 2.20GHz (with SSE4.2), with 32573 MB of physical memory, with
locale Danish_Denmark.utf8, with light display mode, without HiDPI, with Npcap
version 1.10, based on libpcap version 1.9.1, with GnuTLS 3.6.3, with Gcrypt
1.8.3, with brotli 1.0.2, without AirPcap, binary plugins supported (21 loaded).
Built using Microsoft Visual Studio 2019 (VC++ 14.28, build 29336).
What is your line rate? If you're not interested in layer 4 and above set an appropriate snaplen.
Thank you for your hints. I am very new to this so if nothing else but for myself I added screen dumps of the relevant settings corresponding to your suggestions. ...... just to find out that I need >60 points to upload a file - so I will have to keep this to myself.
@grahamb. its 1Gb/s tcp. Trying to figure out what causes: [Reassembly error, protocol TCP: New fragment overlaps old data (retransmission?)]
@helarsen, you can provide a link to an image posted elsewhere.
The error you noted happens when a tcp segment is retransmitted, but contains more data than originally sent. There has been some work done on TCP reassembly in the dev version (3.5.x), maybe you could try the latest automated build, see here.