Hello, What is maximum supported bitrate(UDP/RTP) that wireshark can analyse? asked 01 Jul '15, 06:27 Mor edited 01 Jul '15, 06:29 |
One Answer:
Infinite. It's software after all. But then you have to provide the platform to run it on, that's where the performance is to be made. answered 02 Jul '15, 04:20 Jaap ♦ |
My question was related to winpcap library used by wireshark. if 10Gig network card is used, how much bitrate winpcap lib can handle? I observed wireshark hangs and crashe at bitrate greater than 600Mbps
Depends on many factors, have a look at this answer made by Syn-bit https://ask.wireshark.org/questions/41844/duplicated-sequence-number?page=1&focusedAnswerId=41877#41877
To capture 10G traffic you must be able to store the data. (> 2GByte/s). There are reasons why the comercial capture solution have their price.
At that bitrate using the GUI version is not realy useful, I hope you had "Update packets in real time" turned off at least. Dumpcap or tshark is much more apropriate to use in that case. That said on comodity HW at that rate my unsientific tests start to show severe packet drops, with filters it might be possible to reach higer rates e.g the rate of packets passing the filter is less than 600Mbps.( Tested on Ubuntu, not Windows).