
Wireshark-users: Re: [Wireshark-users] Which hardware

From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Sat, 9 Feb 2008 11:25:47 +1100
Personal first hand experience.


I have tested this myself on several PCs and compared. The same host,
the same capture file, the same preferences using the same SVN version
of wireshark:
it ran 2+ times faster when booting into linux than w2k and w2k3.
Bear in mind, the tests were all for semi-large capture files in the
range 10-200MByte, and testing how long it takes to load a trace, how
long it takes to filter a trace, how long it takes to bring up the tcp
sequence number graph.
I think it was something like 5-6 different single and multi cpu systems.
(multiprocessing is a bit pointless with wireshark)

The purpose was to find which hw+sw config would perform the fastest for a
large group of users that would spend a significant amount of time
looking at and filtering and analyzing 100MB - 1GByte large capture
files. I don't care what systems the end users would end up using,
they just wanted to know:
"which hw+sw combination should we use to make analyzing/filtering of
large captures as fast as possible".


For small captures the difference was smaller than for large
captures. The larger the capture, the more dramatic the difference
was.
That is probably an effect of linux having vastly better memory
management than windows.


For what it's worth, comparing to "similar" specced hw platforms that
ran OSX, OSX performed slightly worse than a similar linux setup on
small captures but slightly better than linux for very large
captures.


ronnie s


On Sat, Feb 9, 2008 at 8:16 AM, Ulf Lamping <ulf.lamping@xxxxxx> wrote:
> ronnie sahlberg wrote:
>
> > Use a linux box to run wireshark on instead.
> > It is cheaper than terminal servers and as a bonus, on the same
> > hardware, processing the same capture files, wireshark will run
> > several times faster on linux than w2k3
> >
> Do you have any hard facts, or is this the usual Linux-FUD?
>
> Regards, ULFL
>