Wireshark-bugs: [Wireshark-bugs] [Bug 6073] New: packet parser takes too long for this trace

Date: Tue, 28 Jun 2011 21:06:35 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6073

           Summary: packet parser takes too long for this trace
           Product: Wireshark
           Version: 1.6.0
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: TShark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: wireshark@xxxxxxxxxxx


Created an attachment (id=6587)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6587)
capture file with the problem

Build Information:
[~/wireshark-1.6.0] edwin@t43>./tshark -v
TShark 1.6.0 (SVN Rev Unknown from unknown)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GLib 2.24.1, with libpcap 1.0.0, with libz 1.2.3,
without
POSIX capabilities, without libpcre, with SMI 0.4.8, without c-ares, with ADNS,
without Lua, without Python, with GnuTLS 2.8.6, with Gcrypt 1.4.5, with Heimdal
Kerberos, with GeoIP.

Running on FreeBSD 8.2-RELEASE, with libpcap version 1.0.0, with libz 1.2.3.

Built using gcc 4.2.1 20070719  [FreeBSD].

--
This happens on various platforms. I have narrowed it down to these two packets
(attached).

When running "tshark -nr a.cap", the parsing takes a good 15 minutes with
tshark running at 100% CPU. When running "tshark -Vnr a.cap", the parsing is
instant.
It also takes a long time with the wireshark GUI.

The first packet shows up immediately.
The second packet shows up fifteen minutes later.

The capture was made with tcpdump and reduced to these two packets with
editcap.
