This is a copy from the bug I filled in Bug Database to start a discussion between developers and community https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13694 Today most professional capture files can't be opened directly in Wireshark due to their size and in front of a 10GB pcap file, the open source user has:
At the opposite, network softwares are building indexes that are pretty efficient (Riverbed Packet Analyzer index and micro-index, Extrahop, etc ...) Several open source projects exist, but afaik none are really linked/approved by Wireshark community yet:
Discussion is wide and not straightforward: indexing will be a trade off between size of index / speed / evolutivity. The idea is to throw ideas / experience / suggestions and find some bases for some specifications/code integration/development to start and maybe integrate Wireshark one day. (File -> Index PCAP !) asked 10 May '17, 05:34  TomLaBaude |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
The place for such discussions is on the Wireshark Dev list mailist, this isn't a question that can be answered here.
Please start such a discussion, then a link for the mail archives can be posted back here for reference.
Thanks Graham, will do. I also wanted to have feedback from non Wireshark dev who may have used PCAP indexing or the previous products and have suggestions
I agree that soliciting input from all sources is helpful for the discussion, so a cross posting to the User Mailing list noting the Dev thread might help, but again, Ask really doesn't work well, or is designed for, discussions so as soon as the dev thread is started, I'll amend this question with the reference and close it out.
Just sent email to Wireshark-dev, awaits moderator approval as post by non-member to a members-only list
Did you subscribe to the list already? Otherwise you won't see on-list answers.