Wireshark-dev: Re: [Wireshark-dev] Wireshark Performance

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Wed, 2 Dec 2015 16:36:17 +0100


2015-12-02 16:31 GMT+01:00 Anders Broman <anders.broman@xxxxxxxxxxxx>:

This change is also in master-2.0, so it cannot be the culprit.

Pascal.

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Pascal Quantin
Sent: den 2 december 2015 16:26


To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Wireshark Performance

 

 

 

2015-12-02 16:12 GMT+01:00 POZUELO Gloria (BCS/PSD) <gloria.pozuelo@xxxxxxxx>:

Where can I find that option?

 

On Windows, Ctrl + Shift + E, or in the menu Analyze -> Enabled protocols. Unselect stun_udp.

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Wednesday 2 December 2015 16:08


To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Wireshark Performance

 

Hi,

It’s probably deeper down, dissect_stun_heur has gone from 3.51 to 14.06.

@ Gloria can you try to turn the stun heuristic off to see if it makes a difference?

Regards

Anders

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Evan Huus
Sent: den 2 december 2015 16:02
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Wireshark Performance

 

The only recent change to conversation_match_exact was the conversion from address macros to functions, but in all cases the macros were just pointing to the functions anyways so I can't imagine that would have a huge effect on performance?

 

On Wed, Dec 2, 2015 at 9:45 AM, Anders Broman <anders.broman@xxxxxxxxxxxx> wrote:

 

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: den 2 december 2015 15:41
To: Developer support list for Wireshark; alexis.lagoutte@xxxxxxxxx
Subject: Re: [Wireshark-dev] Wireshark Performance

 

Hi,

Running valgrind on my standard pcap we have gone from

==36946== Callgrind, a call-graph generating cache profiler

==36946== Copyright (C) 2002-2013, and GNU GPL'd, by Josef Weidendorfer et al.

==36946== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info

==36946== Command: /home/ericsson/wireshark/.libs/lt-tshark -Y frame -nr /home/ericsson/etxrab/TCT_SIP_traffic.pcapng

==36946==

==36946== For interactive control, run 'callgrind_control -h'.

==36946==

==36946== Events    : Ir

==36946== Collected : 18211043816

==36946==

==36946== I   refs:      18,211,043,816

 

to

 

==4865==

==4865== Events    : Ir

==4865== Collected : 1595333469530

==4865==

==4865== I   refs:      1,595,333,469,530

 

The big difference seems to be

 

Latest                                                              June

87.95  37.92 6 076 548  g_hastable_lookup  5.56 2.98 6 515 523

 

Looking deeper

49.43 25 142 686 213 conversation_match_exact 0.32 576 548

 

decode_udp_ports seems much more expensive

 

Regards

Anders

 

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of POZUELO Gloria (BCS/PSD)
Sent: den 2 december 2015 14:01
To: Developer support list for Wireshark; alexis.lagoutte@xxxxxxxxx
Subject: Re: [Wireshark-dev] Wireshark Performance

 

I’ve been testing the performance a little more and it seems that the loading time has increased not only for GTP protocol. I have sniffed a pcap composed by 22844 packets and if you open it up with both versions, v2.0 lasts 0.520s and v2.1 lasts 1.433s. But as you saw before for GTP protocol is even worse, I’ll try to get a pcap example that I can share.

 

Regards.

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of POZUELO Gloria (BCS/PSD)
Sent: Wednesday 2 December 2015 09:13
To: alexis.lagoutte@xxxxxxxxx; Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Wireshark Performance

 

I can’t share this one, because it has user data and it’s confidential, but we are going to generate another one that can be share. We are using GTP protocol, if that gives you a clue.

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Alexis La Goutte
Sent: Wednesday 2 December 2015 09:08
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Wireshark Performance

 

You can directly add the text output of load time...

It is possible to share your pcap ?

 

On Wed, Dec 2, 2015 at 9:04 AM, POZUELO Gloria (BCS/PSD) <gloria.pozuelo@xxxxxxxx> wrote:

I attach the screen captures better.

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of POZUELO Gloria (BCS/PSD)
Sent: Wednesday 2 December 2015 08:53
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Wireshark Performance

 

Hello,

Here is the loading time difference between the v2.0 and the last automated build for win64 Wireshark-win64-2.1.0-875-g9779ae3.exe

Imágenes integradas 2Imágenes integradas 1

Regards.

 



**** DISCLAIMER****
http://www.bics.com/maildisclaimer/


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

 


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

 


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

 


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe