You open your file and it takes a long time to load because Wireshark is slow?
I had the same problem even with very small files (1 MB). From one day to the other my Wireshark just wasn’t able anymore to do it fast.
I was reading several forum for 2 days (I didn’t spend all my time for it) to understand why my Wireshark is slow. It was a very annoying problem and I saw many people having the same problem.
The suggested solution in the forum was to disable the DNS resolution by unchecking “Edit >> Preferences >> Name Resolution >> Resolve Network (IP) addresses”.
Unfortunately it did not solve my problem.
What was my solution?
In October 2017 I was visiting a presentation for HTTP2 at Velocity Conference in London ( I really recommend you to go there).
During that presentation I set the environment variable SSLKEYLOGFILE which points to a file and keep track of key logs.
It is useful in case you want external programs to decrypt TLS traffic.
You can also decrypt the traffic with Wireshark automatically by telling it where to find the key file via “Edit >> Preferences >> Protocols >> SSL >> (Pre)-Master-Secret log filename“.
This is exactly what i did and it did not cause problems at the beginning.
Now 3 month later (even not remembering I configured it) I was running into the problem with the file opening.
It seems that Wireshark is trying to decrypt the traffic with each of the keys in the log file and in case the key log file reaches a significant amount of size, Wireshark just takes ages to load your file.
My solution was to remove the file name from the field (Pre)-Master-Secret log filename in Wireshark.
Summary
Probably there are many more reasons why your files are not loading fast. In case you know other reasons, I am happy to hear them.
If you consider some parts of this post, you will be more successful in analyzing packet captures with Wireshark!
If you want to know more about it, join my Slack Workspace or send me an email.
Stay up-to-date and subscribe to my Newsletter!
Thank you for this! I did the exact same thing – couldn’t figure out why a 17MB file opened in 1 second on one laptop and 13.25 minutes on another! It was the SSL decryption based on the wireshark preference just like you said!
Great! Really helped. I was stuck with this long time.
Thanks for your post.
Hello Daniel.
I had the same issue.
I re install it, but unchecking Npcap and USBPcap components. After that, WS works good!
You saved my life. Thank you