Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 5111] New: Backward filtered searches in compressed captures is slow

Wireshark-bugs: [Wireshark-bugs] [Bug 5111] New: Backward filtered searches in compressed captur

Date: Fri, 13 Aug 2010 09:07:51 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5111

           Summary: Backward filtered searches in compressed captures is
                    slow
           Product: Wireshark
           Version: unspecified
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: turney_cal@xxxxxxx
                CC: turney_cal@xxxxxxx


Build Information:
Version 1.5.0

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.6, (32-bit) with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
Aug
13 2010), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

--
Backward filtered searches in compressed captures is slow or hangs as compared
to forward searches in the same file. This problem is not specific to any
particular Wireshark version.  

To reproduce the issue open a zip'd or gzip'd capture that has at least 100K
uncompressed and has a compression ratio of 2:1 or better. Go to the last frame
and search backward for the filter "frame.number==1".  The progress bar will
appear but it may take hours for anything to happen. More important, the Cancel
button is unresponsive so Wireshark has to be manually terminated. 

A test capture is available at 
"ftp://ftp.emc.com/pub4/centera_tools/GNS/compressed.cap.gz"; which is 40MBs
compressed and 146MB uncompressed.

See "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5109"; for an excellent
discussion on a related topic.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Follow-Ups:
- [Wireshark-bugs] [Bug 5111] Backward filtered searches in compressed captures is slow or can take several hours
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 5109] Finding marked and time reference frames doesn't need to read the frame data
Next by Date: [Wireshark-bugs] [Bug 5067] Patch to add FastCGI dissector
Previous by thread: [Wireshark-bugs] [Bug 5067] Patch to add FastCGI dissector
Next by thread: [Wireshark-bugs] [Bug 5111] Backward filtered searches in compressed captures is slow or can take several hours
Index(es):
- Date
- Thread