articles:livevspcap
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | |||
| articles:livevspcap [2017/11/15 23:26] – [Issue 1 : The Clock] veera | articles:livevspcap [2017/11/15 23:27] (current) – [Why read in PCAP files] veera | ||
|---|---|---|---|
| Line 5: | Line 5: | ||
| ===== Why read in PCAP files ===== | ===== Why read in PCAP files ===== | ||
| - | When you have a large PCAP file , say covering 6 hours of traffic. You have two choices, you can choose to replay the file to a NSM system using a tool like TCPReplay. But that would take 6 hours !! If you speed it up or play it at top speed, you lose crucial information about traffic metrics. | + | When you have a large PCAP file , say covering 6 hours of traffic. You have two choices, you can choose to replay the file to a NSM system using a tool like TCPReplay. But if you did that at normal rate it would take 6 hours !! If you speed it up or play it at top speed, you lose crucial information about traffic metrics. |
| But if you played it back at natural rate, then that is an enormous waste of CPU and time. You could be processing packets at the natural rate of 1MB/s for hours when your powerful CPU can do 800Mbps. | But if you played it back at natural rate, then that is an enormous waste of CPU and time. You could be processing packets at the natural rate of 1MB/s for hours when your powerful CPU can do 800Mbps. | ||
articles/livevspcap.1510768589.txt.gz · Last modified: 2017/11/15 23:26 by veera