Wireshark-bugs: [Wireshark-bugs] [Bug 2343] Huge increase in Wireshark runtime memory foot print

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 11 Mar 2008 04:04:58 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2343


Jim Young <jyoung@xxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




--- Comment #3 from Jim Young <jyoung@xxxxxxx>  2008-03-11 04:04:54 GMT ---
Hello Steve,

Thank you.  It looks like you've fixed the memory problems I reported.  I
believe this bug is resolved.  With SVN 24597, Wireshark's runtime memory
footprint is much inline with what I expected.

For the record I put together the following table (in CSV format) of win32 "PF
Usage"[1] values for previous Wireshark releases along with the two different
entries for SVN 24597 one without and one with the custom column feature
enabled ("ip.version").

"Wireshark PF Usage", "Trace file PF Usage", "Combined PF Usage", "Wireshark
Version" 
42, 64, 106, "Version 0.99.3 (SVN Rev 19011)"
49, 59, 108, "Version 0.99.4 (SVN Rev 19757)" 
40, 68, 108, "Version 0.99.5 (SVN Rev 20677)" 
41, 70, 111, "Version 0.99.6a (SVN Rev 22276)" 
51, 71, 122, "Version 0.99.7 (SVN Rev 23910)" 
53, 71, 124, "Version 0.99.8 (SVN Rev 24492)" 
52, 71, 123, "Version 0.99.9-SVN-24597 (SVN Rev 24597)" 
53, 79, 132, "Version 0.99.9-SVN-24597 (SVN Rev 24597) w/ custom column" 

[1] "PF Usage" is a metric available from the "Performance" tab of the Windows
"Task Manager" application.  This metric can be used to give a pretty good
estimate of the run time memory footprint of an application.  In the table
above, the "Wireshark PF Usage" represents the difference in the reported PF
Usage (in MB) before and after starting Wireshark.   At this point no trace
file has been loaded.  The second column in the table above, "Trace file PF
Usage", is the difference in reported PF Usage (in MB) before and after loading
a trace file (31,950,170 bytes) containing 121794 frames.  The third column is
the sum of column one and two.   Column four indicates what version of
Wireshark was used.

In the past I have observed that Wireshark's runtime memory footprint tends to
increase by four to eight times the size of the trace file.  An 8 MB trace file
tends to increase PF Usage by 32 MB.   Of course this is just a very gross
estimate of expected PF Usage that can (and will) vary greatly by the type of
data within a trace file and by the features enabled in the Wireshark
preferences.  But I often use this number as a rough guide when someone
complains about being unable to load a 1 GB trace file on a 2 GB system! ;-)

I hope someone may find this information useful.   

Steve thanks again!


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.