Using Wireshark 1.6.7 in Ubuntu 12.04 with promiscuous mode makes Wireshark run slow.

I have tried reinstalling Wireshark but it still runs slow. When I disable promiscuous mode it runs ok again.

Have 8gb of ram.

Is there a way to speed it up ?


disable name resolution.

Edit -> Preferences -> Name Resolution

disable the options related to name resolution, like 'Resolve network (IP) addresses' and 'Use an external network name resolver'


Hi Kurt this done the trick. Thanks.

(16 Mar '14, 05:25) kam270

First of all, you are running a quite old version; current is 1.10.6, so you might want to upgrade (if possible; I'm not sure what packages Ubuntu 12.04 has in the repositories).

Second, what do you mean exactly by "it still runs slow"? What is it doing that should be faster? Wiresharks speed depends largely on the amount of packets that it has to process, so if you're capturing packets on a very busy link you'll notice that it can't keep up with updating the display. If you're loading a trace with lots of packets it may also behave slowly because it has to process lots of data.

Keep in mind that it is not that important how much data there is (in bytes); the speed of Wireshark depends a lot more on the amount of packets, and what protocols they contain. There are many protocols that are more complex to decode and analyze than others, e.g. an ARP frame doesn't need much processing time while a complex high level protocol might take a lot longer to process.

If you need a faster capture process try doing it by running dumpcap instead of Wireshark (which in fact uses dumpcap to capture itself).

Yeah it is an old version , cant seem to get a .deb of the latest version. I may have to compile form source.

The slowness was in the interface. Menus were slow to load 4-7 seconds.

(16 Mar '14, 05:26) kam270
question asked: 15 Mar '14, 22:21

question was seen: 1,677 times

last updated: 16 Mar '14, 05:26

