This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark 32-bit vs 64-bit performance advantages

0

Hello experts,

I am running wirehark 1.8.12 32-bit wireshark on my linux machine. Are there any substantial performance advantages of tshark if I upgrade it to 2.0 64-bit? Ofcourse I would have all the enhancements but would like to upgrade only if there is a considerate performance advantage that would speed up my tshark's capture and decode. Not conerned with the UI performance. I only need my back-end tshark's performance to improve. Thank you.

Best, Anirudh

asked 29 Feb '16, 23:44

anikastu's gravatar image

anikastu
6112
accept rate: 0%


One Answer:

1

The biggest advantage of the 64 bit version is that it can handle larger files. It may be also faster in new version as the developers keep improving the core as well, not just dissectors.

Oh, and tshark ddoesn't capture, it's dumpcap that does it. For that, 64 bit can probably be ignored as it doesn't matter that much when writing packets to disk.

Last but not least 1.8 is years old now, so it has known vulnerabilities someone could try to exploit.

answered 01 Mar '16, 05:05

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Yes, there were some significant efforts at increasing efficiency between 1.8 and now. That's not to say it's sure to be faster for all work loads but there's a good chance (e.g., maybe Wireshark got faster for TCP traffic but you deal mostly with SCTP which /could have/--I'm not saying it did--gotten slower due to some other changes). The only real way to tell would be to try it out.

(01 Mar '16, 06:02) JeffMorriss ♦

Great ! Thank you so much Jasper and Jeff. That helps. Yes will try out and see how it goes.

(01 Mar '16, 11:08) anikastu