When capturing the packet headers of high-bandwidth flows, the trace files quickly become very large and hard to analyze or visualize. One option is to capture only small files, or to use tcpslice to break large files into smaller, more manageable pieces.
Another solution is to use scnm-index, which generates an index file that speeds up searching the data.
An SCNM index file contains the following information:
% scnm-index FC01V555:???.dat
This command will create an index file called FC01V555:???.dat.idx
FC01V555:???.dat.idx is constructed as:
  Header -- 16 bytes
    magic number
    record type
    unused field
    time interval [default to 10 sec.]
  Index data array[] -- 24 bytes each
    time stamp
    offset
    starting record #
    data in previous block
% scnm-index SCNM.dat -ti 0 400000 ; scnm-index SCNM.dat.idx -pi
built 13 indices for 30409 records in SCNM.dat
index: offset start-at records (us) date < interval = 0.400000 sec.>
1: 32 1 1 (807525) Tue May 28 15:17:30 2002
2: 190425 2307 2306 (207608) Tue May 28 15:17:31 2002
3: 380846 4610 2303 (607611) Tue May 28 15:17:31 2002
4: 565053 6837 2227 ( 7624) Tue May 28 15:17:32 2002
5: 781423 9455 2618 (407860) Tue May 28 15:17:32 2002
6: 972701 11770 2315 (808266) Tue May 28 15:17:32 2002
7: 1149483 13912 2142 (208548) Tue May 28 15:17:33 2002
8: 1334713 16156 2244 (608885) Tue May 28 15:17:33 2002
9: 1513789 18323 2167 ( 8959) Tue May 28 15:17:34 2002
10: 1724334 20876 2553 (409147) Tue May 28 15:17:34 2002
11: 1959483 23724 2848 (809154) Tue May 28 15:17:34 2002
12: 2183563 26439 2715 (209395) Tue May 28 15:17:35 2002
13: 2404331 29118 2679 (609802) Tue May 28 15:17:35 2002
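
The following Python sketch is an added example, not part of scnm-index or of the original page. It shows how an index like this narrows a search: it parses the -pi listing above and uses a binary search to find the block in which to start scanning for a given time. It assumes that the "(us)" column is the microsecond part of the time stamp and that "offset" is a byte offset into the .dat file; the function names are hypothetical.

```python
import re
from bisect import bisect_right
from datetime import datetime, timedelta

# First five listing rows copied from the -pi output shown on this page.
LISTING = """\
index: offset start-at records (us) date < interval = 0.400000 sec.>
1: 32 1 1 (807525) Tue May 28 15:17:30 2002
2: 190425 2307 2306 (207608) Tue May 28 15:17:31 2002
3: 380846 4610 2303 (607611) Tue May 28 15:17:31 2002
4: 565053 6837 2227 ( 7624) Tue May 28 15:17:32 2002
5: 781423 9455 2618 (407860) Tue May 28 15:17:32 2002
"""

# index: offset start-at records (us) date
ROW = re.compile(r"^\s*\d+:\s+(\d+)\s+(\d+)\s+\d+\s+\(\s*(\d+)\)\s+(.+?)\s*$")

def parse_listing(text):
    """Return [(timestamp, offset, first_record)] sorted by timestamp."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner and column-header lines do not match
        offset, start, usec, date = m.groups()
        # Assumption: seconds come from the date, sub-second part from (us).
        ts = datetime.strptime(date, "%a %b %d %H:%M:%S %Y")
        ts += timedelta(microseconds=int(usec))
        entries.append((ts, int(offset), int(start)))
    entries.sort()
    return entries

def seek_point(entries, when):
    """Return (offset, first_record) of the last index entry at or before
    `when`, or None if `when` precedes the first entry. A reader would
    seek to that offset and scan forward instead of reading from the
    start of the trace."""
    keys = [e[0] for e in entries]
    i = bisect_right(keys, when) - 1
    if i < 0:
        return None
    _, offset, start = entries[i]
    return offset, start

if __name__ == "__main__":
    idx = parse_listing(LISTING)
    print(seek_point(idx, datetime(2002, 5, 28, 15, 17, 31, 500000)))
```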