loading pcap from SMB share takes very long
Hello community Hope anybody can help me or has a hint. I have a linux server creating pcap traces with tshark. Every file has a max size of 100MB and they contain only SIP (no RTP just SIP) traffic. I can access these files from my Win11 workstation through a network SMB share.
Wireshark is closed. I start wireshark with one of these pcap files. Now Wireshark is starting and tells me about initialization. This takes around 150 seconds. During this time I see SMB traffic at a rate of 1MBit/s. On my Linux workstation, this can take even up to 4 minutes. After this waitingtime, wireshark shows me the loadingbar in the lower left corner and during that time, the traffic goes up to 200MBit/s.
Finaly I can use wireshark as usual. But why does it take so long? Any idea. tcpdump during this initializing gives me small packages below 256bytes. So it looks like kind of control traffic.
Thank you for any help.
What is the round-trip time between the system running Wireshark and the SMB server?
The RTT is less than 1ms. The traffic just goes from one firewall zone to an other.