Wireshark · Ethereal-users: [Ethereal-users] conversations slow?

Ethereal-users: [Ethereal-users] conversations slow?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Thoralf Will <thoralf@xxxxxxxxxxx>

Date: Tue, 15 Mar 2005 23:14:41 +0100

Hi,

to post-analyze dos/ddos attacks against our servers I've written ascript that constantly checks the incoming traffic and in case of anincreased packet rate/traffic count it starts a tcpdump to store thedata for later investigation.

While analyzing those packets I've noticed that certain archives take asignificantly longer amount of time to load the conversations screen,some even need extremely long time. DNS lookups are generally disabled,so this is not the problem.

Does a known issue with ethereal and the conversations part exist or isthere anything that I can do to speed up this process? The recordedarchives usually consist of chunks of 50.000 packets and the commonattack is a udp-flood with huge and highly fragmented packets to fill upthe bandwidth.

(Summary loads in no time and even filter rules apply are really fast.)

Thanks in advance,
Thoralf

Prev by Date: Re: [Ethereal-users] Weird default capture filter
Next by Date: [Ethereal-users] Feature Request: Filter vs Follow TCP stream
Previous by thread: Re: [Ethereal-users] Weird default capture filter
Next by thread: [Ethereal-users] Feature Request: Filter vs Follow TCP stream
Index(es):
- Date
- Thread