This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Packet dissection is too slow when applying a read filter; how to optimize?

So basically I have written a tool, and what it does is:

1- Capture the packets, write them into a file, and initialize the epan module.

2- Open the file using pcap_open_offline(...), then call pcap_loop(...), and in the handler function apply a read filter (for any identity present in the request message) to it and call the dissection utilities.

3- Go on to print the packet data and extract the message_id.

4- Now open the file again using pcap_open_offline(), then call pcap_loop(), and in the handler function apply this message_id as a read filter to print both request and response (req and res have the same message_id), and call the dissection utilities.

5- Go on to print the output.

Now I have this network with messages coming at a rate of approx. 5k per sec., and this application is taking too much time to print for any identity corresponding to the read_filter. How can I optimize it? As I have seen, Wireshark does the same stuff: capturing, then applying a read_filter to print the desired output.

asked 17 Jun '13, 13:27

Sanny_D