Wireshark · Ethereal-dev: [Ethereal-dev] Memory allocation witchhunt??

Ethereal-dev: [Ethereal-dev] Memory allocation witchhunt??

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Visser, Martin" <martin.visser@xxxxxx>

Date: Thu, 28 Apr 2005 22:49:33 +1000

 All,

Just had a thought.  I was working on a fairly large capture file today
- around 100MB. (5 mins capture from a server link). The virtual memory
allocated by Ethereal (on W32 vers 0.10.10)  to read this in is around
670MB, memory used varies but is sitting on 80MB. I get awful paging
when working on this. (Curiously, if I try to exit Ethereal, the mem
usage climbs up to 200MB, and goes up and down swapping madly before
eventually I give and just kill the process.)

I know I could get more than my current 512MB RAM for not a whole lot of
money, but I guess one always has to stop somewhere. Also I know that
you can do a lot by simply streaming through tethereal. But does anyone
see any value in going on a memory witchhunt? I assume that memory is
mainly chewed up by the dissected structures. Are their any efficiencies
to be made here? 

I also notice that when you say run protocol hierarchy stats, you still
have to run through all the dissectors again anyway, so is some of the
stored info wasted anyway?

I know that Richard Sharpe (and maybe others) occasionally run Ethereal
through a profiler to look for CPU hogs. I guess I wonder if (and how )
there should also be memory profiling done as well? I would assume there
is sometimes a tradeoff between storing something for later on, and just
processing it when you need it.

If I am talking through my hat just let me know ;-) I haven't seriously
looked at the Ethereal code for a couple of years now - I know already
that a lot of thought has gone into its' structure.


Regards, Martin

Martin Visser, CISSP
Network and Security Consultant 
Consulting & Integration
Technology Solutions Group - HP Services

3 Richardson Place 
North Ryde, Sydney NSW 2113, Australia 
Phone: +61-2-9022-1670    
Mobile: +61-411-254-513
Fax: +61-2-9022-1800     
E-mail: martin.visserAThp.com

This email (including any attachments) is intended only for the use of
the individual or entity named above and may contain information that is
confidential, proprietary or privileged. If you are not the intended
recipient, please notify HP immediately by return email and then delete
the email, destroy any printed copy and do not disclose or use the
information in it.

Follow-Ups:
- Re: [Ethereal-dev] Memory allocation witchhunt??
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] Administrivia: mailing list changes
Next by Date: Re: [Ethereal-dev] packet gsm a
Previous by thread: [Ethereal-dev] Re: assertion failed
Next by thread: Re: [Ethereal-dev] Memory allocation witchhunt??
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$