M2 Max MacBook Pro 96G RAM vs Win11 Dell Inspiron i7 16G RAM
I compared the performance of Wireshark, latest version, on a very powerful Mac to a reasonable Dell Windows 11 computer.
I obtained a 2.3GB .pcapng file for analysis. It was provided by a client experiencing a packet storm. Here are the results of loading the file, running the Expert Analysis, and obtaining the IPv4 Endpoint table:
- MacBook Pro, 96G, M2Max: 11 hours 45 minutes
- Dell Inspiron: 31 seconds
Due to the ridiculous difference in performance, I wiped Wireshark from the powerful Mac and reinstalled from scratch. Opened the .pcapng file again and ran the same tests. Results were basically the same. (Yes, this took two days to finish.)
Any idea what is wrong with the Arm64 code for Wireshark? I've benchmarked this Mac against the Dell laptop in every other application and it has always been faster, sometimes 2-4x faster. Wireshark on the Mac appears to be 1,364 times SLOWER.
Watching this pathetic load and analysis operation, it looks like the Mac version of the code loads a few packets, recalculates everything, then loads a few more packets. This is based on the spinning beachball of death which appears, then the statistics screen updates with perhaps a hundred more packets analyzed, then repeats indefinitely.
On the other hand, in Windows, it appears Wireshark loads everything, runs a single analysis, and finishes promptly.
Not sure if that observation matches what is happening, as I would assume the source code base is the same and Wireshark merely compiles to different target architectures.
Any Wireshark-on-Mac experts out there who can shed light on this massive performance difference?
Both machines were running the same version number of Wireshark and used the same configuration profile?
Yes, identical installations except for the target architecture installation files were different, of course. Both were 100% default clean installations. Wiped the installs and repeated on the Mac, again accepting the defaults.
Clean installs, but also the same _configuration_? These are not part of the install, but personal data.
I ran a file-by-file comparison of the contents of APPDIR/Contents/Resources/share/wireshark/* against the same contents in the PC at C:/Windows/Program Files/wireshark. Windows has some DLLs and executables present that Mac does not. HTML configuration files and diameter, dtds, profiles, protobuf, radius, tpncp, and wimaxasncp folders all have the same contents. Windows Wireshark has a plugins folder that Mac does not.
The macOS app bundle for Wireshark stores executables in APPDIR/Contents/MacOS, and stores shared libraries (the UN*X equivalent of DLLs) in APPDIR/Contents/Frameworks/, not anywhere under APPDIR/Contents/Resources/share/wireshark/.
Those are the application-provided configuration files. There are also user configuration files, stored in $HOME/.config/wireshark in UN*Xes such as macOS and in %APPDATA%\Wireshark (or %USERPROFILE%\Application Data\Wireshark if %APPDATA% isn't defined).
The macOS app bundle for Wireshark stores Wireshark plugins in directories under APPDIR/Contents/PlugIns/wireshark.