On Wed, Dec 13, 2006 at 10:16:03PM +0100, Toralf F?rster wrote:
> I sniffed ~ 45000 packets and got 56 MB in a tmp file. I stopped
> wireshark and made a "Save as ...". After specifying a file name I saw
> a popup window like "Loading ..." for some time before the operation
> (it's only a rename ?) finished. Does wireshark loads the tmp file in
> the "Save As ..." routine again ? That would not be neccessary, or ?
I'm not very familiar with the saving routines, but after a quick glance
it appears to attempt renaming / copying the temp file as it is if
possible. On Windows, it will do a copy. On Unix, it will attempt a
rename if it is on the same file system and if not, do a copy. It does
run a routine to process all of the packets under certain circumstances,
such as saving only a range of packets. The action happens in file.c:
cf_save(). Are you on Windows? Were you saving the whole capture file?
Does this slow reprocessing happen every time you work with a large
capture file and save it?
Steve
