This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have run tshark for a duration of 5 sec, and saved the tshark output to a .pcap file. Then I have run C5 Sigma on this file. It creates the MySQL database successfully but I have a couple of problems:

The problem I am facing is thousands of warnings of the form [WARNING] - Unknown field: something.. and the processing time. Complete paste of logs here.

For example, for a 921KB .pcap file (having 1085 packets), it printed 2021065 warnings and took about 8.45 minutes to run.

More interestingly, when I tried to pass a path to an empty folder (in Windows) to the --inputpath parameter, it still took 7 minutes to process, and printed 2021065 warnings.

So I have two questions:

1. How can I lessen the processing time of C5 Sigma?
2. What are these fields that C5 Sigma is generating warnings about?

Has anyone else faced this problem? Any tips or suggestions or advice is welcome.

asked 16 Aug '16, 00:44

Jesss

closed 16 Aug '16, 03:11

grahamb ♦

You'll have to go to the folks who make C5 Sigma for support on their product.

As such, this is off-topic for this site.

(16 Aug '16, 03:11) grahamb ♦

The question has been closed for the following reason "Question is off-topic or not relevant" by grahamb 16 Aug '16, 03:11


question asked: 16 Aug '16, 00:44

question was seen: 886 times

last updated: 16 Aug '16, 03:11
