tshark export to ek json too slow?
I'm using this version of tshark
TShark (Wireshark) 2.4.5 (Git v2.4.5 packaged as 2.4.5-1)
running on Ubuntu Server 18.04 LTS, and the export to ek json (-T ek > file.json) is being too slow. Here an example:
alvaro@alvaro-server:~/PF_RING/userland/examples_zc$ time tshark -r file.pcap -T ek > file2.json
^C
real 18m33.665s
user 14m2.707s
sys 4m3.751s
It didn't even finish and took 18 min...
What's the size of the input file, use capinfos to show the details? Have you tried turning off name resolution
-n
? Can you share the capture file somewhere publicly?These are the details of the pcap file:
I tried now turning off name resolution, but it doesn ...(more)
file uploaded