tcpdump mailing list archives

Re: why processing large trace file is very slow?

From: Christian Kreibich <christian () whoop org>
Date: Wed, 28 Apr 2004 14:13:20 -0700

Hi,

On Wed, 2004-04-28 at 13:59, ice ice wrote:

Hi,
I have been using tcpdump analyzing trace files. Recently I try to analyze 
some big trace files of several hundreds Mbs to more than 2GB. I am not sure 
why the tcpdump is so slow in processing the file, just a simple command:
tcpdump -c 100 -r trace > output
takes tens of minutes to finish. And the output file's size increases with a 
speed of about 4K per 10 minutes.

I am wondering what cause the problem, and how I could solve it.


if run like this, tcpdump will try to resolve IP addreses to names --
sounds like you have a resolver problem. Try again using -n or -nn
options.

Best,
Christian.
-- 
________________________________________________________________________
                                          http://www.cl.cam.ac.uk/~cpk25
                                                    http://www.whoop.org


-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

Current thread:

why processing large trace file is very slow? ice ice (Apr 28)
- Re: why processing large trace file is very slow? Christian Kreibich (Apr 28)