RE: tcptrace taking a very very long time

From: Russ Fink (russfink@hotmail.com)
Date: 11/01/04


From: "Russ Fink" <russfink@hotmail.com>
Subject: RE: tcptrace taking a very very long time
Date: Mon, 01 Nov 2004 09:04:39 -0500
Message-ID: <BAY101-F34phwFutJLt00028cd0@hotmail.com>

Sad to say (and I'm sure I will get flames), tcptrace is broken in this
regard. It does not work for very large cap files.

What you are experiencing is an endless loop in the AVL tree data structure
with regard to the rotates. I have experienced this same problem a couple
months back (whatever the current version was) and manually rolled out the
AVL tree and reverted to the hash table. [I don't currently use tcptrace
because I needed additional features and switched to an internal tool.]

To the community, hash tables are the most efficient way to manage
connections in any kind of TCP system. Any kind of tree structure or queue,
which tries to do constant optimization of its internal structure, is doing
way more work than necessary. Look at libnids (libnids.sourceforge.net) and
see how that is implemented using hashes.

Russ
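
The hash-keyed connection table the message argues for, as an added example; it is not code from the original post, from tcptrace or from libnids. The names (conn_key, conn_lookup, NBUCKETS), the table size and the hash function are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#define NBUCKETS 4096u   /* hypothetical size; power of two so masking works */

struct conn_key { uint32_t ip_a, ip_b; uint16_t port_a, port_b; };
struct conn {
    struct conn_key key;
    uint64_t packets;    /* per-connection state lives here */
    struct conn *next;   /* collision chain within one bucket */
};
static struct conn *table[NBUCKETS];

/* Order the endpoints so both directions of a flow produce the same key. */
static struct conn_key make_key(uint32_t sip, uint16_t sport,
                                uint32_t dip, uint16_t dport)
{
    int fwd = sip < dip || (sip == dip && sport <= dport);
    struct conn_key k = { fwd ? sip : dip, fwd ? dip : sip,
                          fwd ? sport : dport, fwd ? dport : sport };
    return k;
}

/* FNV-1a style mixing over the key words. Unkeyed: a tool that reads
 * untrusted captures would want a keyed hash so chains cannot be forced long. */
static uint32_t hash_key(const struct conn_key *k)
{
    uint32_t w[3] = { k->ip_a, k->ip_b, ((uint32_t)k->port_a << 16) | k->port_b };
    uint32_t h = 2166136261u;
    for (int i = 0; i < 3; i++) { h ^= w[i]; h *= 16777619u; }
    return (h ^ (h >> 16)) & (NBUCKETS - 1);
}

/* Find the connection a packet belongs to, creating it on first sight.
 * No rebalancing happens on insert. Returns NULL only if allocation fails. */
struct conn *conn_lookup(uint32_t sip, uint16_t sport,
                         uint32_t dip, uint16_t dport)
{
    struct conn_key k = make_key(sip, sport, dip, dport);
    struct conn **bucket = &table[hash_key(&k)];
    for (struct conn *c = *bucket; c; c = c->next)
        if (c->key.ip_a == k.ip_a && c->key.ip_b == k.ip_b &&
            c->key.port_a == k.port_a && c->key.port_b == k.port_b)
            return c;
    struct conn *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->key = k;
    c->next = *bucket;   /* push onto the front of the chain */
    *bucket = c;
    return c;
}
```

Lookup cost depends on chain length, so the bucket count needs to scale with the number of connections expected in the capture.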
