This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark follow tcp flow for a 400M pcap file extremely slow

0

I have a 400M bytes pcap file which contains one TCP flow. I want to extract the transferred data on this flow. So I follow tcp flow and extract the data to tmp file. The command is as below. Result of this command is correct. But the performance is very bad. It takes 7~8 minutes. Is there any method to improve the performance?

tshark -n -r "query29_reconstructFileFTP32705_1.pcap" -q -z "follow,tcp,raw,10.79.46.6:54775,10.140.40.209:60901" > fm_tmp_txt

asked 27 Jul '17, 06:58

hdl2041827's gravatar image

hdl2041827
6112
accept rate: 0%