This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why does loading a small pcap take lots of memory on 1 machine but not on another?

When I try and load a small capture (<5MB) Wireshark takes over 2.5GB of RAM and it takes a long time for the capture to appear on the screen. When my coworker loads the same file on his machine running the same version of Wireshark it comes right up and utilizes little memory. Any ideas? Thanks for the assist!

asked 19 Jul '16, 11:35

kdonovan9

edited 20 Jul '16, 08:05

cmaynard ♦♦

Did you try with identical Wireshark Versions and identical profiles? Profile settings can affect how Wireshark behaves, so even the same version may show differences.

Easiest way to test is to create a new (=default) profile on both machines, and load the trace again.

(19 Jul '16, 11:45) Jasper ♦♦

2 Answers:

I'd suggest comparing your preferences files. I wouldn't be surprised if you had something like TCP reassembly enabled while your colleague had it disabled. You can find your preferences file via Help -> About Wireshark -> Folders -> Personal configuration.

You could also look for any other differences between the machines, such as OS, 64-bit vs. 32-bit, etc. Compare Help -> About Wireshark information.

answered 19 Jul '16, 11:47

cmaynard ♦♦

Another possibility we saw recently is that your ssl_keylog file has grown to a huge size. See bug 12501 for the history.

answered 20 Jul '16, 06:19

JeffMorriss ♦

I have this same problem. I downgraded to 2.2.8 and removed my personal settings as well. My sslkeylog is 70M. I will have to see what I did to enable the use of that file and see if my slowness comes back.

(26 Jul '17, 10:47) garrywx

Ok that was it for sure. Recreated my problem after changing the setting under Pref->Protocols->SSL (Pre)-Master-Secret Log filename to point at my 70M file. I then deleted the file and performance is back to normal.

(26 Jul '17, 11:04) garrywx
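
The two checks suggested in the answers above (comparing preferences files, and checking the size of the configured key log file), as an added example that is not part of the original thread. It assumes the preference names `tcp.desegment_tcp_streams` and `ssl.keylog_file` (`tls.keylog_file` in Wireshark 3.x and later) and the usual `name: value` layout of the `preferences` file; the sample files in `demo()` are constructed.

```python
import os
import tempfile

KEYLOG_PREFS = ("ssl.keylog_file", "tls.keylog_file")  # 2.x name, then 3.x+ name

def parse_prefs(text):
    """Parse Wireshark 'preferences' text into {name: value}; '#' lines are comments/defaults."""
    prefs, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            last = None
            continue
        if line[0] in " \t" and last:  # assumed: indented line continues the previous value
            prefs[last] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")  # first colon only, so C:\ paths survive
        if sep:
            last = name.strip()
            prefs[last] = value.strip()
    return prefs

def diff_prefs(mine, theirs):
    """Return {name: (my_value, their_value)} for every preference that differs."""
    return {k: (mine.get(k), theirs.get(k))
            for k in sorted(set(mine) | set(theirs)) if mine.get(k) != theirs.get(k)}

def keylog_size(prefs):
    """Return (path, size_in_bytes) of the configured key log file, or None if unset/missing."""
    for key in KEYLOG_PREFS:
        path = prefs.get(key)
        if path and os.path.isfile(os.path.expanduser(path)):
            return path, os.path.getsize(os.path.expanduser(path))
    return None

def demo():
    # Constructed sample: a key log file and two preferences files (not from the thread).
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as f:
        f.write("CLIENT_RANDOM 00 11\n" * 1000)
    slow = parse_prefs(f"# comment\ntcp.desegment_tcp_streams: TRUE\nssl.keylog_file: {f.name}\n")
    fast = parse_prefs("#tcp.desegment_tcp_streams: TRUE\ntcp.desegment_tcp_streams: FALSE\n")
    result = diff_prefs(slow, fast), keylog_size(slow)
    os.unlink(f.name)
    return result

if __name__ == "__main__":
    differences, keylog = demo()
    for name, (a, b) in differences.items():
        print(f"{name}: mine={a!r} theirs={b!r}")
    print("key log file:", keylog)
```

To use it on real machines, pass the text of each machine's `preferences` file (from the Personal configuration folder mentioned above) to `parse_prefs`. The key log file holds TLS session secrets, so truncating or removing it once it is no longer needed helps with more than load time.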