tcpdump file reading VERY slow (tcpdump -r)

Asked by Anthony King

I'm running 8.04.1 with recent updates. I've also installed Wireshark. Somewhere along the line reading a packet capture file with tcpdump (tcpdump -r) became VERY slow. It will just hang for a long time before it returns any output, then finally it will start to dump text. Depending on the file it might dump slowly in chunks, or just the whole thing at once. The capture files read fine into Wireshark as well as with other systems' tcpdump.

Any advice is appreciated.

Question information

Language: English
Status: Solved
For: Ubuntu
Assignee: No assignee
Solved by: Andi Hechtbauer

Best Andi Hechtbauer (anti-dotu) said :
#1

Maybe "strace tcpdump -r..." gives a hint on where it's stalling.

Anthony King (twotone) said :
#2

Ah, yes. Thanks for reminding me. Apparently DNS timeouts are suddenly an issue. tcpdump -nr solved the problem (I should really be in the habit of using -n anyway).

Thanks.

Anthony King (twotone) said :
#3

Thanks Andi Hechtbauer, that solved my question.
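
The diagnosis reached in this thread, as an added example that is not part of the original posts: two shell helpers that read `strace -T` output, list the syscalls that blocked, and total the time spent polling sockets connected to port 53. The trace lines, addresses and helper names are constructed for illustration, and the parsing assumes strace was run without `-f`.

```shell
#!/bin/sh
# Added example: triage `strace -T` output, where every line ends with the
# time spent in that syscall, e.g. "<5.005012>".
# Typical capture (file names are placeholders):
#   strace -T -o trace.txt tcpdump -r capture.pcap

# Constructed sample: tcpdump reads the pcap on fd 3, then the resolver
# opens a UDP socket to a DNS server and times out twice.
sample_trace() {
cat <<'EOF'
read(3, "\324\303\262\241\2\0\4\0"..., 4096) = 4096 <0.000012>
socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 4 <0.000021>
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 0 <0.000015>
sendto(4, "\10\305\1\0\0\1"..., 43, MSG_NOSIGNAL, NULL, 0) = 43 <0.000030>
poll([{fd=4, events=POLLIN}], 1, 5000) = 0 (Timeout) <5.005012>
poll([{fd=4, events=POLLIN}], 1, 5000) = 0 (Timeout) <5.004988>
write(1, "12:00:00.000000 IP 198.51.100.7."..., 96) = 96 <0.000040>
EOF
}

# slow_syscalls THRESHOLD_SECONDS < trace
# Prints "seconds syscall" for each call that took at least the threshold.
slow_syscalls() {
    awk -v min="$1" '
        match($0, /<[0-9]+\.[0-9]+>$/) {
            secs = substr($0, RSTART + 1, RLENGTH - 2)
            name = $0; sub(/\(.*/, "", name)
            if (secs + 0 >= min + 0) print secs, name
        }'
}

# dns_wait_seconds < trace
# Remembers every fd connected to port 53, then sums poll() time on those fds.
dns_wait_seconds() {
    awk '
        /^connect\(/ && /htons\(53\)/ {
            fd = $0; sub(/^connect\(/, "", fd); sub(/,.*/, "", fd)
            dns[fd] = 1
        }
        /^poll\(/ && match($0, /fd=[0-9]+/) {
            fd = substr($0, RSTART + 3, RLENGTH - 3)
            if ((fd in dns) && match($0, /<[0-9]+\.[0-9]+>$/))
                total += substr($0, RSTART + 1, RLENGTH - 2)
        }
        END { printf "%.3f\n", total }'
}

sample_trace | slow_syscalls 1
echo "seconds blocked on DNS: $(sample_trace | dns_wait_seconds)"
```

A large DNS total next to an otherwise idle trace is the signature of the stall described above, and it disappears when name resolution is disabled with `tcpdump -nr`.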