Wireshark · Wireshark-dev: [Wireshark-dev] Why does it take so long to parse certain captures?

Wireshark-dev: [Wireshark-dev] Why does it take so long to parse certain captures?

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>

Date: Thu, 5 May 2022 15:42:27 -0700

Hi folks,

I am often handling SMB2 captures with lots of compound requests.

I am looking at one at the moment that has about 300,000 packets in
it, about half of which are SMB2 requests but they are mostly compound
requests with three SMB2 requests in each compound:

1. CREATE some file,
2. QueryInfo the Security Descriptor for the file,
3. CLOSE the file.

This takes an extraordinary amount of time to load even though I have
64GB on that machine. (Around 10 minutes or more.)

Moreover, other captures with a comparable number of packets but no,
or fewer, SMB compound requests take far less time to load.

Does anyone have any ideas on why this is so?

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)(传说杜康是酒的发明者)

Follow-Ups:
- Re: [Wireshark-dev] Why does it take so long to parse certain captures?
  - From: Jaap Keuter

Prev by Date: [Wireshark-dev] Windows build - copy_data_files.vcxproj warning
Next by Date: Re: [Wireshark-dev] Why does it take so long to parse certain captures?
Previous by thread: [Wireshark-dev] Windows build - copy_data_files.vcxproj warning
Next by thread: Re: [Wireshark-dev] Why does it take so long to parse certain captures?
Index(es):
- Date
- Thread