[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tcpdump-workers
Subject:    Re: [tcpdump-workers] why processing large trace file is very slow?
From:       Christian Kreibich <christian () whoop ! org>
Date:       2004-04-28 21:13:20
Message-ID: 1083186799.9096.234.camel () localhost ! localdomain
[Download RAW message or body]

Hi,

On Wed, 2004-04-28 at 13:59, ice ice wrote:
> Hi,
> I have been using tcpdump analyzing trace files. Recently I try to analyze 
> some big trace files of several hundreds Mbs to more than 2GB. I am not sure 
> why the tcpdump is so slow in processing the file, just a simple command:
> tcpdump -c 100 -r trace > output
> takes tens of minutes to finish. And the output file's size increases with a 
> speed of about 4K per 10 minutes.
> 
> I am wondering what cause the problem, and how I could solve it.

if run like this, tcpdump will try to resolve IP addreses to names --
sounds like you have a resolver problem. Try again using -n or -nn
options.

Best,
Christian.
-- 
________________________________________________________________________
                                          http://www.cl.cam.ac.uk/~cpk25
                                                    http://www.whoop.org


-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
[prev in list] [next in list] [prev in thread] [next in thread]