On Sat, Feb 9, 2008 at 12:27 PM, Ulf Lamping <[EMAIL PROTECTED]> wrote:
> ronnie sahlberg wrote:
> > Personal first hand experience.
> >
> SCNR to ask your motivations ;-)
>
> > I have tested this myself on several PCs and compared. The same host,
> > the same capture file, the same preferences using the same SVN version
> > of wireshark
> > it ran 2+ times faster when booting into linux than w2k and w2k3.
> > Bear in mind, the tests were all for semi large capture files in the
> > range 10-200MByte and testing how long it takes to load a trace, how
> > long it takes to filter a trace, how long it takes to bring up the tcp
> > sequence number graph.
> > I think it was something like 5-6 different single and multi cpu systems.
> > (multiprocessing is a bit pointless with wireshark)
> >
> Well, while *capturing*, the capture and display tasks could run on two
> different CPUs - however, I've never checked if they really do ;-)

This use case was for people that would never capture, only download
existing captures from a central repository for post capture analysis.

> >
> > The purpose was to find which hw+sw config would perform the fastest for a
> > large group of users that would spend significant amount of time
> > looking at and filtering and analyzing 100MB - 1GByte large capture
> > files. I don't care what systems the end users would end up using,
> > they just wanted to know :
> > "which hw+sw combination should we use to make analyzing/filtering of
> > large captures as fast as possible".
> >
> Right! And I don't have any problems with your recommendation as you
> have tested it :-)
>
> > That is probably an effect of linux having vastly better memory
> > management than windows.
> >
> Oh, come on! Please don't spread FUD just as Microsoft does!!!
>
> Simply stating that Wireshark is 2+ times faster on Linux than on
> Windows, so this is probably caused by worse memory management on
> Windows is just FUD. Keep in mind that the libraries used to run
> Wireshark/tshark all have their origins in the "Unix world", so they're
> probably optimized here and ported more or less well to the Windows
> platform. For example, GTK+ is running "almost natively" on X
> (basically it was built as a replacement for motif) and was much later
> ported to Windows. Therefore it's just very likely that GTK+ is running
> faster on Linux than on Windows.
>
> Following the same argumentation, using a fast commercial analyzer
> (highly optimized for) Windows compared to Wireshark would clearly state
> the superior Windows platform ...
>

Yes, you're right.
WHY linux+wireshark is/was faster than windows+wireshark is unknown.
It just is/was.
The larger the capture file is/was the greater the difference is/was.

_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users