When loading a large file (0.5M packets) with a large single TCP stream in it, wireshark gets very slow. I did some profiling and found 90% of the CPU time was spent in epan/reassemble.c LINK_FRAG() - scanning through a long singly linked list and adding to the end of it.
As a work around I disabled 'allow subdissector to reassemble TCP streams' in the TCP protocol preferences. This makes loading this file much faster. Simon
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
