0

How to reduce the load while analysing big file?

asked 2021-06-20 19:09:00 +0000

neverxxsleep
1 ●1 ●1 ●2

Hello. I have 10 files of my packets captured. 1 file contains at least 2+ billion packets which cause big load for my system when I try to analyse file with endpoints, dialogues, etc. It can take up to 5-10 minutes to load it and then still lagging so much when I'm clicking "resolve names".

I think my pc not so bad, because it worked okay when I was analysing dump files with +-800k packets. So, are there any methods, maybe, how to divide analysis of 2 billion packets for 4 parts, for example?

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

0

answered 2021-06-20 19:55:00 +0000

flag of United Kingdom of Great Britain and Northern Ireland

23790 ●4 ●950 ●227 https://www.wireshark.org

The Wireshark suite includes editcap that can be used to split a capture file into multiple parts.

There are options to split with a limit of the number of packets per file, -c or by interval (seconds per capture, -i.

There are also options to cut the length of each packet, -s, for example if you don't need traffic above the TCP layer.

edit flag offensive delete link

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Question Tools

1 follower

Stats

Asked: 2021-06-20 19:09:00 +0000

Seen: 99 times

Last updated: Jun 20 '21

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.

Powered by Askbot version 0.10.2