Wireshark-users: [Wireshark-users] Windows Wireshark GUI in live capture: slow

Date Prev · Date Next · Thread Prev · Thread Next
From: EforeZZ <eforezz@xxxxxxxxx>
Date: Tue, 30 Sep 2008 18:15:25 +0300
Hello all,

I'm experiencing a strange problem with Wireshark (Windows version) whenever I check the option "Update list of packets in real time". The checkbox "Enable network name resolution" is turned off so it is not the issue.
The GUI becomes unresponsive and it takes a few seconds for a button to be pressed and for a few new lines of the live capture to be displayed. The capture may stop 30-60 seconds after the button Stop or CTRL+K has been pressed: Wireshark keeps displaying few lines of the live capture avery 2-5 seconds. The CPU utilization is not 100% so I have no clue what slows down the Wireshark. I used Sysinternals' Process Monitor and found out that Wireshark constantly accesses registry keys from HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ but this does not seem to be the reason to work at the turtle speed.

Everything worked fine before I migrated my Windows profile to the new domain and uninstalled the McAffee antivirus and reinstalled the MS Office. I'm not sure what triggered this problem but everything else works good.

I have this problem on another Windows 2000 computer and I have no clue how has this problem been triggered (I migrated the Windows profile on that PC too).

Is there any way to find out what's the problem and/or to fix it?

Best regards,
EforeZZ