This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

version 2 performance on Mac

0

I've installed the release version of 2.0.0 on my Mac and while the fast startup is great, I get constant beachballs and non-responsiveness from the application when capturing packets. I'm running Mac OS X 10.11.1 on a Mac Pro with a 3.7Ghz quad-core Xeon E5 and 16GB ram. None of my other applications are affected, it seems like Wireshark itself is going periodically unresponsive. Is this intended, or a bug?

Cheers, James

asked 25 Nov '15, 03:38

James%20Dore's gravatar image

James Dore
21225
accept rate: 0%


2 Answers:

1

Another common cause of Wireshark reporting that it's busy is if:

  1. You have network name resolution enabled
  2. (and) you're not using asynchronous resolution

Actually I think the transport name resolution has also been known to be very slow on Macs too. You might want to try disabling all the name resolution options.

(Of course if the problem really is too much traffic then this won't help--you could check Wireshark's CPU usage during the busy times to know if it's really working hard or if it's blocked doing something slow like doing a synchronous DNS request.)

answered 25 Nov '15, 08:16

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

Ah, that made a BIG difference, thanks!

(25 Nov '15, 08:24) James Dore

1

It's most certainly not intended, but can happen when you capture on a link that is really busy. You should avoid capturing with the Wireshark GUI and use dumpcap instead.

See https://blog.packet-foo.com/2013/05/the-notorious-wireshark-out-of-memory-problem/ for some insights on why dumpcap is the better choice.

answered 25 Nov '15, 03:41

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

edited 25 Nov '15, 03:41

Excellent, very useful.

(25 Nov '15, 03:53) James Dore