I have a 400M bytes pcap file which contains one TCP flow. I want to extract the transferred data on this flow. So I follow tcp flow and extract the data to tmp file. The command is as below. Result of this command is correct. But the performance is very bad. It takes 7~8 minutes. Is there any method to improve the performance? tshark -n -r "query29_reconstructFileFTP32705_1.pcap" -q -z "follow,tcp,raw,10.79.46.6:54775,10.140.40.209:60901" > fm_tmp_txt asked 27 Jul '17, 06:58  hdl2041827 |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
