Wireshark mailing list archives

Re: AthTek NetWalk


From: Guy Harris <guy () alum mit edu>
Date: Wed, 21 Sep 2011 13:59:25 -0700


On Sep 21, 2011, at 9:04 AM, Chris Maynard wrote:

"AthTek NetWalk is the ONLY network analysis tool to offer full integration with
Wireshark, and it performs better than using Wireshark. It has better speed,

For a 776 megabyte trace file, on my 32-bit virtual machine running Windows XP:

        Wireshark - read it in about 2 minutes 45 seconds (all the way to displaying the packets);

        AthTek NetWalk - read it in about 7 minutes 42 seconds.

Perhaps they were comparing against a Wireshark that used the old packet list, or something such as that?

(Just for fun, I tried it with NetMon 3.4 - it took about 2 minutes 45 seconds to display the packets, *but* it wasn't 
finished reading the capture; I tried dragging the scrollbar to the last frame, and it started parsing a lot more 
frames.  It's still parsing....  My guess is it makes a quick first pass to find all the frames - the native format has 
a frame table so it can quickly do that - and then does "lazy dissection" of frames, not dissecting until necessary, 
e.g. if you scroll down.)

As for "full integration with Wireshark", they appear to use Wireshark's dissectors in the packet view - they have a 
collection of Wireshark DLLs in the "wireshark" subdirectory, along with a bunch of the DLLs we use, including some 
GPLed ones.  They also have "wireshark.exe", so they might have done the usual "arm's length" trick to avoid having to 
give their stuff away.