Wireshark-users: Re: [Wireshark-users] sec-macof.pcap take ages to load on WireShark 1.4.9 on Mac

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 27 Oct 2011 22:31:05 -0700
On Oct 26, 2011, at 1:06 PM, Stephen Fisher wrote:

> On Tue, Oct 25, 2011 at 10:29:42PM +0100, Marco Zuppone wrote:
> 
>> Thanks! I found out that excluding the Transport Name Resolution, the 
>> file loads in half a second. Before, it was taking 5 minutes. The strange 
>> fact is that Wireshark 1.4.9 under XP loads the file in seconds 
>> regardless of the Transport Name Resolution option.
> 
> This sounds like bug #289:
> 
>  https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=289

5 minutes >> 14 seconds and, as indicated in that bug, we don't scan through the OS's entire services database any more.  I'm not sure when that was done.  I don't think it's the same problem as bug 289 - for one thing, 

If it's doing a lot of getservbyport() calls, that would be slower, especially on a system that does it by sequentially scanning the /etc/services file.  From a quick look at Libinfo-392, which is the version of Libinfo in Lion 10.7.2, that appears to be how it does it (at least to start with; dunno whether it asks opendirectoryd to check with, say, NIS or LDAP).  I don't know what other UN*Xes do (the original BSD version sequentially scanned /etc/services, but at least some of the /etc files for getXXXbyYYY were changed to have an index to avoid sequential scans), nor what Windows does.

Then again, from a quick look at Libinfo-330.10, which is the version of Libinfo in Snow Leopard 10.6.8, it behaves the same way, so "Because it's Lion" might be a simple explanation, but it's likely to be an incorrect explanation....
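
The cost difference between a per-call sequential scan and an indexed table, as an added example that is not part of the original message and is not Wireshark or Libinfo code. The services table, the port list and all function names are constructed for illustration; the counter shows how many file lines each strategy reads when a capture contains several port numbers to resolve.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample in /etc/services format (not a real system's file). */
static const char *SERVICES =
    "# name  port/proto\n"
    "ftp       21/tcp\n"
    "ssh       22/tcp\n"
    "domain    53/udp\n"
    "http      80/tcp\n"
    "https     443/tcp\n";
static long lines_read;            /* work counter: lines examined so far */
static char tcp_names[65536][16];  /* port -> name table; "" means no entry */

/* Parse the line at *pos and advance to the next one; 1 if it held an entry. */
static int parse_line(const char **pos, char *name, int *port, char *proto) {
    int ok = sscanf(*pos, "%15s %d/%7s", name, port, proto) == 3;
    const char *nl = strchr(*pos, '\n');
    *pos = nl ? nl + 1 : *pos + strlen(*pos);
    lines_read++;
    return ok;
}
/* Sequential scan: every call starts again at the top (TCP only, for brevity). */
const char *scan_lookup(int port) {
    static char name[16]; char proto[8]; int n;
    for (const char *p = SERVICES; *p; )
        if (parse_line(&p, name, &n, proto) && n == port && !strcmp(proto, "tcp"))
            return name;
    return NULL;
}
/* Indexed variant: one pass fills the table, later lookups read no lines. */
void build_index(void) {
    char name[16], proto[8]; int n;
    for (const char *p = SERVICES; *p; )
        if (parse_line(&p, name, &n, proto) && n >= 0 && n < 65536 &&
            !strcmp(proto, "tcp") && !tcp_names[n][0])
            snprintf(tcp_names[n], sizeof tcp_names[n], "%s", name);
}
const char *indexed_lookup(int port) {
    return (port >= 0 && port < 65536 && tcp_names[port][0]) ? tcp_names[port] : NULL;
}
/* Lines examined to resolve `count` ports with the chosen strategy. */
long lines_needed(const int *ports, int count, int use_index) {
    lines_read = 0; if (use_index) build_index();
    for (int i = 0; i < count; i++)
        (void)(use_index ? indexed_lookup(ports[i]) : scan_lookup(ports[i]));
    return lines_read;
}
int main(void) {
    int ports[] = {443, 51234, 443, 40000};  /* constructed port list */
    printf("scan: %ld, indexed: %ld\n", lines_needed(ports, 4, 0), lines_needed(ports, 4, 1));
    return 0; }
```

Ports with no entry are the worst case for the scan, since each miss reads the whole table; a per-port cache of results (including misses) bounds the work in the same way the index does.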