[Gerald Combs <gerald@xxxxxxxxxxxxx>]

There's also perf + FlameGraph:

https://www.brendangregg.com/FlameGraphs/cpuflamegraphs.html

although as I recall it's easier to get up and running with valgrind and kcachegrind.

On 5/6/22 9:30 AM, Richard Sharpe wrote:
> On Fri, May 6, 2022 at 1:01 AM Martin Mathieson via Wireshark-dev
> <wireshark-dev@xxxxxxxxxxxxx> wrote:
> > On linux,   I've had good profiling information in the past from using ./tools/valgrind-wireshark.sh -p -2 <pcap>
> > You view the resulting *.callgrind file using kcachegrind
>
> Ahhh, that is good to know.
>
> > Martin
> >
> > On Fri, May 6, 2022 at 6:42 AM Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
> > > Without having looked at the SMB dissector, there could be a lot of housekeeping going on in the background, w.r.t. keeping track of chunks, searches for file handles to names, etc.Things add up quickly with large files like this.
> > >
> > > Jaap
> > >
> > > > On 6 May 2022, at 00:42, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:
> > > >
> > > > Hi folks,
> > > >
> > > > I am often handling SMB2 captures with lots of compound requests.
> > > >
> > > > I am looking at one at the moment that has about 300,000 packets in
> > > > it, about half of which are SMB2 requests but they are mostly compound
> > > > requests with three SMB2 requests in each compound:
> > > >
> > > > 1. CREATE some file,
> > > > 2. QueryInfo the Security Descriptor for the file,
> > > > 3. CLOSE the file.
> > > >
> > > > This takes an extraordinary amount of time to load even though I have
> > > > 64GB on that machine. (Around 10 minutes or more.)
> > > >
> > > > Moreover, other captures with a comparable number of packets but no,
> > > > or fewer, SMB compound requests take far less time to load.
> > > >
> > > > Does anyone have any ideas on why this is so?
> > > >
> > > > --
> > > > Regards,
> > > > Richard Sharpe
> > > > (何以解憂？唯有杜康。--曹操)(传说杜康是酒的发明者)
> > >
> > > ___________________________________________________________________________
> > > Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> > > Archives:    https://www.wireshark.org/lists/wireshark-dev
> > > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> > >               mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> > Archives:    https://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> >               mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe