I have been doing a lot of work on this as I am capturing / processing data from around 4000 users on a gig link.
Ubuntu Linux (no GUI) has been more stable and slightly faster than XP SP3. Also when is the last time you had to reboot your Linux box ^_^.
Windows has a built-in limit to how much memory a single process can use, which I think is around the 2 GB mark, but don't quote me.
Linux can also have something similar but it's changeable.
Both Windows/Linux disk cache and sometimes do not free up the mem fast enough for a hungry Wireshark, although Linux does it quicker and you can manually flush it if you want.
Never compared to win2k before.
What I suggest you do is separate the capture and display processes. I don't know what CPU you have but most modern ones have multiple cores and any particular tshark/Wireshark will only use one of them.
If you only want the headers use "-s x" where x is around 64 to save your memory.
For speed always use tshark to capture. If you need on the fly, make tshark move to a new capture file every x seconds. You can then use tshark and/or Wireshark to display the capture file.
If you use tshark to display the capture file, using "-o column.format" rather than "-T fields -e" seems to be much faster.
Hope that helps.
Chris
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Schimek,Hans
Sent: 30 June 2009 10:47
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] which Operating System for Wireshark ? best performance
Hi !
Right now I am running Windows 2000 Server on a quite powerful machine.
Could you please tell me on which operating system Wireshark is running best ?
Does Linux improve the performance of the application ? Or make it run more stable – on Windows the app crashes quite often when analyzing bigger files.
Machine has 16GB of RAM
Thx
Hans
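
The capture/display split suggested in the reply above, sketched as an added example that is not part of the original thread. The interface name, directory, intervals and the `.done`/`.txt` marker files are assumptions; the point it adds is that the display side must skip the newest ring file, which tshark is still writing.

```sh
#!/bin/sh
# Added example: capture and display run as separate processes.

# Capture side: headers only (-s 64), switch to a new file every $3 seconds.
start_capture() {
    cap_if=$1; cap_dir=$2; cap_secs=$3
    mkdir -p "$cap_dir"
    tshark -i "$cap_if" -s 64 -b "duration:$cap_secs" -w "$cap_dir/cap.pcap"
}

# tshark names ring files cap_NNNNN_YYYYMMDDHHMMSS.pcap, so glob order is
# capture order. Print every file except the last one (still being written).
completed_files() {
    prev=""
    for f in "$1"/cap_*.pcap; do
        [ -e "$f" ] || continue
        if [ -n "$prev" ]; then printf '%s\n' "$prev"; fi
        prev=$f
    done
}

# Display side: decode each completed file once, then leave a marker so a
# later pass does not process it again.
process_completed() {
    completed_files "$1" | while IFS= read -r f; do
        if [ -e "$f.done" ]; then continue; fi
        tshark -r "$f" < /dev/null > "$f.txt" && : > "$f.done"
    done
}

# Usage (assumed names):  script capture eth0 /data/caps 60
#                         script display /data/caps 10
case "${1:-}" in
    capture) start_capture "$2" "$3" "$4" ;;
    display) while :; do process_completed "$2"; sleep "$3"; done ;;
esac
```

Running the two modes in separate shells lets the capture and the decoding land on different cores, which is the reason given in the reply for splitting them.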