Ask Your Question
0

Disabling unused protocols

asked 2018-10-06 05:58:49 +0000

felixbkk gravatar image

I regularly open ~100 MB files to do troubleshooting. Can I expect a marked increase in performance by disabling the unused protocols?

Is there an easy way to disable everything but the most common protocol? Perhaps editing a config file.

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2018-10-06 06:08:31 +0000

Packet_vlad gravatar image

updated 2018-10-06 06:18:42 +0000

It can be done.

Go to Analyze -> Enabled protocols and un-check the ones you don't need.

image description

Yes, it can increase file opening speed significantly. You can make separate profile for this purpose because Enabled protocols setting is stored on per-profile basis.

edit flag offensive delete link more

Comments

Do you have any figures backing that up?

Anders gravatar imageAnders ( 2018-10-06 06:13:22 +0000 )edit

Thank you! With over 2400 protocols do you just disable all of them and then re-add the ones that you need?

I'll have to play around with finding the right balance.

felixbkk gravatar imagefelixbkk ( 2018-10-06 06:16:59 +0000 )edit

So the major speedup is actually not dissecting protocols actually in the trace rather then overhead caused by not used dissectors.

Anders gravatar imageAnders ( 2018-10-06 18:14:17 +0000 )edit

Yes, exactly that. But it'd be interesting to test the latter case you talk about too. I'll take filtered large-size 1-TCP-stream trace and compare load speed with enabled/disabled protocols. Though I suspect there won't be much difference.

Packet_vlad gravatar imagePacket_vlad ( 2018-10-06 18:51:05 +0000 )edit

So in conclusion if you want to see everything that's in the file there isn't much gain in disabling protocol dissectors for protocols not present in the file?

Anders gravatar imageAnders ( 2018-10-06 19:13:11 +0000 )edit
see more comments
1

answered 2018-10-06 07:26:46 +0000

Packet_vlad gravatar image

updated 2018-10-06 07:27:44 +0000

Hi @Anders, did you mean speedup factors? You're right, I should've mentioned speedup highly depends on some factors:

  • Pcap file content.
  • Protocols being disabled/enabled.

The most noticeable effect I had when I was working with office uplink traces. These files were filled with a variety of different protocols from which I only worked with Ethernet -> IPv4 -> TCP chain with no Layers 5-7 needed. In this case I got 1.5 to 2.0 speedup factor, sometimes up to 2.5.

@felixbkk If you work with already filtered/prepared files containing let's say HTTP and disable protocols other than Ethernet -> IPv4 -> TCP -> HTTP chain probably you'll not get that much increase of load speed.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-10-06 05:58:49 +0000

Seen: 2,293 times

Last updated: Oct 06 '18

Related questions

SSH performance question

Detect network issue

Performance issue with SQL based application, suspect client side connectivity.

Disable check for update option in 2.5.1 version

How to analyze network slowness using wireshark, please suggest good documents and/or videos

how to use the file disabled_protos

How can I edit or expand a protocol like `bitcoin`

Is there a way on macOS to tell Wireshark to use more CPU/memory

Does running Wireshark on a Domain Controller degrade performance of the DC?

Disable check for update in 3.0.3 version

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2