Wireshark-dev: Re: [Wireshark-dev] I have a 5.8GB capture and it is taking an enormous amount o

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Tue, 11 Dec 2018 12:23:43 -0800
On Mon, Dec 10, 2018 at 10:05 PM Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Dec 10, 2018, at 8:18 PM, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:
>
> > On Mon, Dec 10, 2018 at 8:11 PM Guy Harris <guy@xxxxxxxxxxxx> wrote:
> >
> >> On Dec 10, 2018, at 5:16 PM, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:
> >>
> >>> The Wireshark process is only consuming about 1.7GB of memory at the
> >>> moment and 17% of CPU on my laptop with NVMe and oodles of memory and
> >>> a 4-core Xeon.
> >>
> >> "At the moment" as in "after it finished loading, it's only consuming..." or "while it's loading, it's consuming..."?
> >
> > While it's loading it's consuming ...
>
> So if it's using one core, 25% would mean it's eating up all of one core's worth of CPU time (although it may or may not stay on that core).
>
> However, if it's a threaded Xeon, that's 4 physical cores and 8 virtual cores, so 12.5% would be one core/one thread's worth of CPU time.
>
> So it's possible that Wireshark is using an entire thread for one core, and is CPU-bound.

It's actually worse than I thought. I actually now have two ~10GB
captures, one for each stream.

After grabbing a slice of one around where I think the problem is, I
see there seems to be one or more dropped packets. I may be able to
repair the breakage with something that is 'fake but accurate' and the
slice is only ~400MB which is more tractable.

-- 
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. --Cao Cao) (Legend has it that Du Kang was the inventor of wine)