Wireshark Windows Vs Linux

I have always enjoyed testing tools in my lab. Those of you who have followed me over the years know that I always say that you should ‘know your tools’. I know this sounds obvious, but trust me, it is anything but obvious.

For example, say you have a relatively new laptop with 8 GB of RAM, an i7 processor and a 1 Gb Ethernet adapter. So, you would think that you should be able to capture traffic up to 1 Gbps, right? Wrong!!

In my last article, “Wireshark, Microsoft pktmon, packet testing” (https://youtu.be/pZtWAwiH7lk), I compared various command-line and GUI tools and how efficient they were in capturing packets. Thank you for all the feedback; I thought I would use one of the suggestions for this next article.

The point of the article is that you need to test your tools using various packet sizes and loads to determine when they will drop packets. The secondary goal is to show you how I tested my tools so you can use a similar methodology for your testing.

In this article, I compared the Wireshark GUI performance on Linux and Windows. I used the same laptop for both tests and neither was within a VM. The only result that shocked me was that Windows barely outperformed Linux in the 10%, 64 Byte test. See, I learned something as well.

