This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Very slow GUI when running wireshark remotely

0

I started seeing this issue after upgrading Wireshark from 0.99.8 to 1.2.6. One problem is the extremely long time it takes to initialize Wireshark (i.e., taking almost an hour to register dissectors, etc.), which is kind of resolved by increasing the splash update interval. The other problem is that after the GUI starts up it runs very slowly and always takes a long time to respond to user clicks, which makes the GUI unusable.

This only happens when running wireshark remotely (using SSH over X11). Wireshark is using GTK2.

Does anyone have a suggestion on how to improve the GUI performance? Thanks.

asked 01 Feb '11, 09:49

dxl
1223
accept rate: 0%

edited 01 Feb '11, 09:54


One Answer:

1

I (and my coworkers) had problems when we started using a GTK2-based Wireshark because GTK2 uses anti-aliased fonts and our (very old) X server (in this case Exceed v10) did not support anti-aliased fonts. Once (using Wireshark, of course) I (think I) saw that the X client (in this case Wireshark) was being forced to send characters over the network as images; obviously this used a lot of bandwidth and was horrendously slow.

The situation can be improved by turning off anti-aliased fonts. Creating a $HOME/.fonts.conf file containing this:

    <?xml version="1.0"?>
    <!DOCTYPE fontconfig SYSTEM "fonts.dtd">
    <fontconfig>
      <match target="font">
        <edit name="antialias" mode="assign"><bool>false</bool></edit>
      </match>
    </fontconfig>

on the computer where Wireshark is run (and obviously in the $HOME of the user running Wireshark) can help the situation. I don’t think you have to do anything else besides starting Wireshark again. If the change took effect you should notice that the fonts Wireshark (and any other GTK2 application) uses look pretty horrible.

Some of my coworkers reported good success with this change, but others said it didn’t help much. If it doesn’t help you, you may want to try another X server. Cygwin has a free one for Windows but you may also be able to get demo versions of Windows-based commercial products (at least to see if it’s an X-server problem). Personally, all of my remote (via SSH) Wireshark problems went away when I started using Linux on my desktop (with Windows in a VM).

[Update] Don’t forget to drop by and Accept this answer if it answered your question.

answered 02 Feb '11, 07:48

JeffMorriss ♦
6.2k572
accept rate: 27%

edited 09 Mar '12, 07:04