Re: [Wireshark-users] Which hardware
Use a linux box to run wireshark on instead. It is cheaper than terminal servers and, as a bonus, on the same hardware, processing the same capture files, wireshark will run several times faster on linux than w2k3.

On Sat, Feb 9, 2008 at 1:46 AM, Taco Amory [EMAIL PROTECTED] wrote:
> Hi,
>
> Maybe somebody could help me?
>
> In our company we want to sniff on an Ethernet line to Internet. Currently we have an average throughput of 35 Mbit/s. We have already placed a line tap inline on the connection towards internet. The wish is that more than one user can use wireshark simultaneously. I was thinking to use windows 2003 server with a license of 5 terminal server sessions. My main concern is which hardware I need to use to handle the traffic.
>
> Does somebody have some suggestions? Or does somebody have another solution?
>
> Taco Amory

___
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] Which hardware
ronnie sahlberg wrote:
> Use a linux box to run wireshark on instead. It is cheaper than terminal servers and, as a bonus, on the same hardware, processing the same capture files, wireshark will run several times faster on linux than w2k3.

Do you have any hard facts, or is this the usual Linux-FUD?

Regards, ULFL
[Wireshark-users] Which hardware
Hi,

Maybe somebody could help me?

In our company we want to sniff on an Ethernet line to Internet. Currently we have an average throughput of 35 Mbit/s. We have already placed a line tap inline on the connection towards internet. The wish is that more than one user can use wireshark simultaneously. I was thinking to use windows 2003 server with a license of 5 terminal server sessions. My main concern is which hardware I need to use to handle the traffic.

Does somebody have some suggestions? Or does somebody have another solution?

Taco Amory
Re: [Wireshark-users] Which hardware
Personal first hand experience.

I have tested this myself on several PCs and compared. The same host, the same capture file, the same preferences using the same SVN version of wireshark: it ran 2+ times faster when booting into linux than w2k and w2k3.

Bear in mind, the tests were all for semi large capture files in the range 10-200MByte and testing how long it takes to load a trace, how long it takes to filter a trace, how long it takes to bring up the tcp sequence number graph. I think it was something like 5-6 different single and multi cpu systems. (multiprocessing is a bit pointless with wireshark)

The purpose was to find which hw+sw config would perform the fastest for a large group of users that would spend a significant amount of time looking at and filtering and analyzing 100MB - 1GByte large capture files. I don't care what systems the end users would end up using, they just wanted to know: which hw+sw combination should we use to make analyzing/filtering of large captures as fast as possible.

For small captures the difference was smaller than for large captures. The larger the capture the more dramatic the difference was. That is probably an effect of linux having vastly better memory management than windows.

For what it's worth, comparing to similarly specced hw platforms that ran OSX, OSX performed slightly worse than a similar linux setup on small captures but slightly better than linux for very large captures.

ronnie s

On Sat, Feb 9, 2008 at 8:16 AM, Ulf Lamping [EMAIL PROTECTED] wrote:
> ronnie sahlberg wrote:
> > Use a linux box to run wireshark on instead. It is cheaper than terminal servers and, as a bonus, on the same hardware, processing the same capture files, wireshark will run several times faster on linux than w2k3.
>
> Do you have any hard facts, or is this the usual Linux-FUD?
>
> Regards, ULFL
Re: [Wireshark-users] Which hardware
The OSX tests were on similarly specced hardware. I could obviously not test how OSX Wireshark behaved/performed on the same physical machine I tested with Windows.

On Sat, Feb 9, 2008 at 11:25 AM, ronnie sahlberg [EMAIL PROTECTED] wrote:
> Personal first hand experience.
>
> I have tested this myself on several PCs and compared. The same host, the same capture file, the same preferences using the same SVN version of wireshark: it ran 2+ times faster when booting into linux than w2k and w2k3.
>
> Bear in mind, the tests were all for semi large capture files in the range 10-200MByte and testing how long it takes to load a trace, how long it takes to filter a trace, how long it takes to bring up the tcp sequence number graph. I think it was something like 5-6 different single and multi cpu systems. (multiprocessing is a bit pointless with wireshark)
>
> The purpose was to find which hw+sw config would perform the fastest for a large group of users that would spend a significant amount of time looking at and filtering and analyzing 100MB - 1GByte large capture files. I don't care what systems the end users would end up using, they just wanted to know: which hw+sw combination should we use to make analyzing/filtering of large captures as fast as possible.
>
> For small captures the difference was smaller than for large captures. The larger the capture the more dramatic the difference was. That is probably an effect of linux having vastly better memory management than windows.
>
> For what it's worth, comparing to similarly specced hw platforms that ran OSX, OSX performed slightly worse than a similar linux setup on small captures but slightly better than linux for very large captures.
>
> ronnie s
>
> On Sat, Feb 9, 2008 at 8:16 AM, Ulf Lamping [EMAIL PROTECTED] wrote:
> > ronnie sahlberg wrote:
> > > Use a linux box to run wireshark on instead. It is cheaper than terminal servers and, as a bonus, on the same hardware, processing the same capture files, wireshark will run several times faster on linux than w2k3.
> >
> > Do you have any hard facts, or is this the usual Linux-FUD?
> >
> > Regards, ULFL
Re: [Wireshark-users] Which hardware
ronnie sahlberg wrote:
> Personal first hand experience.

SCNR to ask your motivations ;-)

> I have tested this myself on several PCs and compared. The same host, the same capture file, the same preferences using the same SVN version of wireshark: it ran 2+ times faster when booting into linux than w2k and w2k3.
>
> Bear in mind, the tests were all for semi large capture files in the range 10-200MByte and testing how long it takes to load a trace, how long it takes to filter a trace, how long it takes to bring up the tcp sequence number graph. I think it was something like 5-6 different single and multi cpu systems. (multiprocessing is a bit pointless with wireshark)

Well, while *capturing*, the capture and display tasks could run on two different CPUs - however, I've never checked if they really do ;-)

> The purpose was to find which hw+sw config would perform the fastest for a large group of users that would spend a significant amount of time looking at and filtering and analyzing 100MB - 1GByte large capture files. I don't care what systems the end users would end up using, they just wanted to know: which hw+sw combination should we use to make analyzing/filtering of large captures as fast as possible.

Right! And I don't have any problems with your recommendation as you have tested it :-)

> That is probably an effect of linux having vastly better memory management than windows.

Oh, come on! Please don't spread FUD just as Microsoft does!!!

Simply stating that Wireshark is 2+ times faster on Linux than on Windows, so this is probably caused by worse memory management on Windows is just FUD.

Keep in mind that the libraries used to run Wireshark/tshark all have their origins in the Unix world, so they're probably optimized here and ported more or less well to the Windows platform. For example, GTK+ is running almost natively on X (basically it was built as a replacement for Motif) and was much later ported to Windows. Therefore it's just very likely that GTK+ is running faster on Linux than on Windows.

Following the same argumentation, using a fast commercial analyzer (highly optimized for) Windows compared to Wireshark would clearly state the superior Windows platform ...

Regards, ULFL