Is there a way of speeding up the apply_on_packets/iteration of a big capture ? #551
-
|
Hello, I am working on a parser project where I regroup packets by stream index, similar to wireshark conversations. I sort the packets one by one using the use_json option for the capture and the apply_on_packets method, but since the capture files I analyze are heavy, the complete iteration takes some minutes (~200-280 seconds for a ~100 Mb file). Thank you for your time. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
If you're already using the json mode, try and see if the summary mode can be used for your purposes, or else to add parameters using |
Beta Was this translation helpful? Give feedback.
-
|
Sadly the summaries do not hold the information that I need, and I already use them in some way. I don't understand custom parameters, are they different from display_filter ? And yes I may try to improve the speed but since I am a newbie programmer I don't think I'll add much sorry. |
Beta Was this translation helpful? Give feedback.
-
|
You can use customer parameters like -j or -J for example to limit the amount of protocols tshark processes, and that could speed it up. |
Beta Was this translation helpful? Give feedback.
-
|
custom_parameters might actually be the answer I was looking for, if it is done before display_filter and changes packet numbers. I will try to look into it. Thank you for your assistance and your work on this library, it's been a huge help. |
Beta Was this translation helpful? Give feedback.
If you're already using the json mode, try and see if the summary mode can be used for your purposes, or else to add parameters using
custom_parametersto tshark so it doesn't parse as many protocols (perhaps limiting it to parse just IP or TCP?). Other than that there's nothing built in to pyshark to speed it up more - though you are more than welcome to write one.