Wireshark · Wireshark-dev: [Wireshark-dev] TCP reassembly slow

Wireshark-dev: [Wireshark-dev] TCP reassembly slow

From: Simon Barber <simon.barber@xxxxxxxxxx>

Date: Fri, 24 Mar 2017 16:11:39 -0700

When loading a large file (0.5M packets) with a large single TCP stream in it, wireshark gets very slow. I did some profiling and found 90% of the CPU time was spent in epan/reassemble.c LINK_FRAG() - scanning through a long singly linked list and adding to the end of it.

As a work around I disabled 'allow subdissector to reassemble TCP streams' in the TCP protocol preferences. This makes loading this file much faster.

Simon

Follow-Ups:
- Re: [Wireshark-dev] TCP reassembly slow
  - From: Guy Harris

Prev by Date: [Wireshark-dev] RTP player - a suggestion
Next by Date: Re: [Wireshark-dev] Release package for Mac
Previous by thread: Re: [Wireshark-dev] RTP player - a suggestion
Next by thread: Re: [Wireshark-dev] TCP reassembly slow
Index(es):
- Date
- Thread