tcpdump mailing list archives

why processing large trace file is very slow?


From: "ice ice" <wildicecoco () hotmail com>
Date: Wed, 28 Apr 2004 20:59:54 +0000

Hi,
I have been using tcpdump to analyze trace files. Recently I tried to analyze some big trace files of several hundred Mbs to more than 2GB. I am not sure why tcpdump is so slow in processing the file; just a simple command:
tcpdump -c 100 -r trace > output
takes tens of minutes to finish. And the output file's size increases at a speed of about 4K per 10 minutes.

I am wondering what causes the problem, and how I could solve it.

I expected that tcpdump works by reading packets one by one from the trace file, processing each one and outputting it to the file. So the size of the output file should increase linearly during the processing. Even if the file is huge, it should read a little from the input file and keep outputting results to the output file at a fast speed; just the overall time may be long.

I urgently need to handle those trace files; any information is highly appreciated.

thanks,
zs
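
The record-by-record reading model described in the message above, as an added example that is not part of the original post or of tcpdump's own code: a streaming reader for the classic pcap file format that holds one packet in memory at a time and stops after `count` records, in the way `-c` does. The names `iter_pcap` and `build_sample` and the sample capture are constructed for illustration.

```python
import io
import struct

# Classic pcap magic numbers, as seen when the first 4 bytes are read big-endian.
MAGICS = {
    0xA1B2C3D4: (">", 1_000_000),      # big-endian file, microsecond timestamps
    0xD4C3B2A1: ("<", 1_000_000),      # little-endian file, microsecond timestamps
    0xA1B23C4D: (">", 1_000_000_000),  # big-endian file, nanosecond timestamps
    0x4D3CB2A1: ("<", 1_000_000_000),  # little-endian file, nanosecond timestamps
}

def iter_pcap(stream, count=None):
    """Yield (timestamp, captured_len, original_len, data), one record at a time."""
    header = stream.read(24)
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack(">I", header[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file")
    endian, frac = MAGICS[magic]
    snaplen = struct.unpack(endian + "I", header[16:20])[0]
    seen = 0
    while count is None or seen < count:
        rec = stream.read(16)
        if len(rec) < 16:
            return  # clean end of file, or a record header that was cut off
        sec, sub, incl, orig = struct.unpack(endian + "IIII", rec)
        if incl > max(snaplen, 262144):
            raise ValueError("implausible captured length; file is corrupt")
        data = stream.read(incl)
        if len(data) < incl:
            return  # capture was cut off in the middle of a packet
        seen += 1
        yield sec + sub / frac, incl, orig, data

def build_sample(n):
    """Constructed sample: a little-endian pcap with n records of 4 payload bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(n):
        out += struct.pack("<IIII", 1083186000 + i, 0, 4, 60) + struct.pack("<I", i)
    return out

if __name__ == "__main__":
    # Stream the first 100 of 1000 constructed records; later records are never read.
    for ts, incl, orig, _ in iter_pcap(io.BytesIO(build_sample(1000)), count=100):
        print(f"{ts:.6f} caplen={incl} len={orig}")
```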
