https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5254
Guy Harris <guy@xxxxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Converted SNOOP capture |Some capture files are slow
|file slow to read in |to read in
--- Comment #3 from Guy Harris <guy@xxxxxxxxxxxx> 2010-09-24 11:24:46 PDT ---
So far we have no evidence to indicate that the problem is the result of the
capture being done with snoop.
I'm assuming that "SNOOP" refers to the Solaris "snoop" utility, whose files -
as indicated by the fact that editcap can convert them - can be read by
Wireshark; editcap, Wireshark, and TShark use the same code to read particular
file formats.
Given, then, that Wireshark could, in fact, read the file without conversion
(if not, that's a bug), I repeat Jeff's question - what happens if you try to
read the snoop file directly?
As we don't know why this is occurring, we might need to see the two files and,
if it's taking more CPU time to read the slower file, read them in a "profiled"
version of Wireshark to see where the extra CPU time is being spent.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
