Wireshark · Wireshark-dev: Re: [Wireshark-dev] Why does the extcap stuff take so long to start up?

Wireshark-dev: Re: [Wireshark-dev] Why does the extcap stuff take so long to start up?

From: Anders Broman <anders.broman@xxxxxxxxxxxx>

Date: Tue, 28 Mar 2017 13:59:48 +0000


-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: den 27 mars 2017 22:33
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Why does the extcap stuff take so long to start up?

On Mar 27, 2017, at 1:14 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

>> Currently, with that fix, I get results like
>> 
>> $ time ./tshark -r /tmp/nothing.pcap 
>> 
>> real    0m1.407s
>> user    0m0.312s
>> sys     0m0.676s
>> 
>> with the extcap directory in place and results like
>> 
>> $ time ./tshark -r /tmp/nothing.pcap 
>> 
>> real    0m0.334s
>> user    0m0.182s
>> sys     0m0.146s

>> with the extcap directory moved out of the way, so the extcap executables are taking some time to run, but it's better than wasting time trying to run androiddump.c or Makefile.am.

>And, if I move various extcap executables out of the way:
>
>$ time ./tshark -r /tmp/nothing.pcap		# all executables
>
>real    0m1.484s
>user    0m0.313s
>sys     0m0.720s
>
>$ time ./tshark -r /tmp/nothing.pcap		# after removing androiddump
>
>real    0m1.179s
>user    0m0.287s
>sys     0m0.588s
>
>$ time ./tshark -r /tmp/nothing.pcap		# after removing ciscodump
>
>real    0m0.950s
>user    0m0.254s
>sys     0m0.491s
>
>$ time ./tshark -r /tmp/nothing.pcap		# after removing randpktcdump
>
>real    0m0.688s
>user    0m0.228s
>sys     0m0.334s
>
>$ time ./tshark -r /tmp/nothing.pcap		# after removing sshdump
>
>real    0m0.493s
>user    0m0.198s
>sys     0m0.235s
>
>$ time ./tshark -r /tmp/nothing.pcap		# after removing udpdump
>
>real    0m0.335s
>user    0m0.183s
>sys     0m0.145s
>
>So that's about .3 seconds for androiddump, about .23 seconds for ciscodump, about .26 seconds for randpktcdump, about .19 seconds for sshdump, and about .16 seconds for usbdump.
>
>So none of them are individually out of the ordinary, but about 1.5 to 2.5 seconds per program, with 5 programs, adds up.
>

Would it be possible to run them in parallel?

Regards
Anders

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

References:
- [Wireshark-dev] Why does the extcap stuff take so long to start up?
  - From: Guy Harris
- Re: [Wireshark-dev] Why does the extcap stuff take so long to start up?
  - From: Michał Łabędzki
- Re: [Wireshark-dev] Why does the extcap stuff take so long to start up?
  - From: Guy Harris
- Re: [Wireshark-dev] Why does the extcap stuff take so long to start up?
  - From: Guy Harris

Prev by Date: Re: [Wireshark-dev] Why does the extcap stuff take so long to start up?
Next by Date: Re: [Wireshark-dev] Packet sample repository/library?
Previous by thread: Re: [Wireshark-dev] Why does the extcap stuff take so long to start up?
Next by thread: [Wireshark-dev] Default snaplen in man page
Index(es):
- Date
- Thread