Wireshark-dev: [Wireshark-dev] LUA Comparative Times
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Paul Offord <Paul.Offord@xxxxxxxxxxxx>
Date: Wed, 13 Jul 2016 14:53:34 +0000

Hi,

 

I recently measured some load and filter times with and without a LUA postdissector plugin called TRANSUM.  I tried three different scenarios:

 

·        No LUA - without any plugins other than those shipped as standard

·        Bypassed LUA – with TRANSUM but a preference set so that on entry to the postdissector immediately returns to Wireshark

·        LUA Enabled – with TRANSUM enabled

 

The test file was a 47MB pcapng file with mostly web traffic.  Almost all of the data packets would have been scrutinised by TRANSUM in some detail.

 

I timed loading the file and then filtering with the expresssion tcp.len>0.  The timings were:

 

 

No LUA

Bypassed LUA

LUA Enabled

Load of file

1.0s

2.5s

5.4s

Filter with tcp.len>0

1.7s

2.9s

5.2s

 

The thing that surprised me was the impact of just having the LUA loaded, even if it immediately returned to Wireshak (the Bypassed LUA scenario).

 

Not a problem – just an observation.

 

Best regards…Paul

 

Paul Offord FBCS CITP
Chief Technical Officer
Advance7

Phone:  01279 211 668
Mobile:  07764 931 431
Email:  paul.offord@xxxxxxxxxxxx
LinkedIn:  https://uk.linkedin.com/in/paulofford

 


______________________________________________________________________

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.

Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________