If you are using Wireshark (on Mac) and say, man, that Time column is messed, let's see some Dates with time instead of what Epoch time?
Ok, great, right click the column, choose to edit the column details and change it from the default to "Absolute date and time".
Now, why does it hang for a bit?
Well, if you are like me and left Wireshark running for a day or so while you are tracing a networking issue you might not notice how many frames you captured.
Say just under 2.5 million.
Whoops!!
Wireshark now has to reprocess each of these packets to convert the time to your desired format.
I said you'd say, "What did you expect?"
.....about 7 minutes later...
Ok, not so good. Maybe that would be, reprocess and then crash.
Serves me right.
Time to go sniff some more packets.
No comments:
Post a Comment