On Mon, 16 Feb 2004, Tan ChaurLih wrote: > Hi All, > > I'm currently using Ethereal to analyse logs which are collected on my > home network. As I leave tcpdump running for extended periods (close to 24 > hours per log), the captures end up to about 200+MB easily.
I tend to deal with large files as well. 300+ MB is not unusual as I capture from GigE. > Since I need to filter for various protocol parameters regularly when > auditing the traffic, I find Ethereal a pain as I have to wait quite a > while, even on a P4 2.8GHz with 128MB of RAM, for ALL the packets to be > dissected and then filtered. I was wondering if it was possible to cache > the results of all packet dissection in memory or an external file and index > it, avoiding the penalty of re-dissection on a change in filter expression. > Of course, there would be situations where packet dissection must happen all > over again (for example, changing some preferences), but for the most case, > the re-dissection is due to filtering. We recently went through an exercise to improve the speed of Ethereal. What version are you using? 0.10.0a is a lot faster. > As I am currently a student with a rather light workload, and I'm > interested in software development, I wonder if it's feasible for me to > modify Ethereal to do this and then integrate the changes back. Being a > newbie on the mailing list here, I would like to ask for the kind advice of > the more established members =) . Build a profiled version of Ethereal and then measure the cost using gprof to see where Ethereal is spending most of its time. Regards ----- Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com _______________________________________________ Ethereal-dev mailing list [EMAIL PROTECTED] http://www.ethereal.com/mailman/listinfo/ethereal-dev
