1 環境
VMware Workstation 12 Player上のゲストマシンを使っています。
[root@admin ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@admin ~]# uname -r
3.10.0-514.el7.x86_64
ゲストマシンの搭載CPU数は4個です。
[root@admin ~]# cat /proc/cpuinfo |grep processor
processor : 0
processor : 1
processor : 2
processor : 3
2 事前準備
2.1 ツールのインストール
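tsharkコマンドをインストールする。なお、以降の実行例ではrootでtsharkを実行しているため、「Running as user "root" and group "root". This could be dangerous.」という警告が出力されています。pcapファイルを読むだけならroot権限は不要なので、信頼できない通信を含むpcapは、一般ユーザが読める場所に置いて一般ユーザで解析する方が安全です。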
[root@admin ~]# yum -y install wireshark
[root@admin ~]# tshark -v
TShark 1.10.14 (Git Rev Unknown from unknown)
parallelコマンドをインストールする。
[root@admin ~]# yum -y install parallel
[root@admin ~]# parallel --version
GNU parallel 20160222
2.2 テスト用pcapファイルの作成
[root@admin ~]# mkdir tcpdump
[root@admin ~]# chown tcpdump:tcpdump tcpdump/
[root@admin ~]# ls -ld tcpdump/
drwxr-xr-x 2 tcpdump tcpdump 6 8月 4 19:55 tcpdump/
[root@admin ~]# cd tcpdump/
tcpdumpを実行する。-C 5 で、1つのpcapファイルのサイズ上限を5MB(5,000,000バイト)に指定する。
[root@admin tcpdump]# tcpdump -i eth0 -C 5 -w tcpdump.cap
別ターミナルを開いて、下記コマンドを実行する。
HTTPパケット(TCP80)のやり取りをテスト用pcapに記録する。
[root@admin tcpdump]# wget http://ftp.riken.jp/Linux/centos/7/isos/x86_64/CentOS-7-x86_64-DVD-1611.iso
さらに別ターミナルをオープンする。
chronydを再起動する。NTPパケット(UDP123)のやり取りをテスト用pcapに記録する。
[root@admin tcpdump]# systemctl restart chronyd
ntpサーバのIPアドレスを求める。DNSパケット(UDP53)のやり取りをテスト用pcapに記録する。
[root@admin tcpdump]# dig ntp.nict.jp +short
133.243.238.244
133.243.238.243
133.243.238.164
133.243.238.163
デフォルトGWに対してping(ICMP echo request/reply)を実行する。
[root@admin tcpdump]# ping -c 1 192.168.0.1
適当なところで、wgetを終了する。
[root@admin tcpdump]# pkill wget
[root@admin tcpdump]#
tcpdumpもCtrl + C押下で終了する。
[root@admin tcpdump]# tcpdump -i eth0 -C 5 -w tcpdump.cap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C90991 packets captured
91247 packets received by filter
253 packets dropped by kernel
採取したpcapファイルを確認する。ファイルは全部で20個です。
[root@admin tcpdump]# ls -l
合計 179900
-rw-r--r-- 1 root root 88253767 8月 4 20:30 CentOS-7-x86_64-DVD-1611.iso
-rw-r--r-- 1 tcpdump tcpdump 5000086 8月 4 20:27 tcpdump.cap
-rw-r--r-- 1 tcpdump tcpdump 5000484 8月 4 20:27 tcpdump.cap1
-rw-r--r-- 1 tcpdump tcpdump 5001324 8月 4 20:28 tcpdump.cap10
-rw-r--r-- 1 tcpdump tcpdump 5001474 8月 4 20:29 tcpdump.cap11
-rw-r--r-- 1 tcpdump tcpdump 5000851 8月 4 20:29 tcpdump.cap12
-rw-r--r-- 1 tcpdump tcpdump 5000872 8月 4 20:29 tcpdump.cap13
-rw-r--r-- 1 tcpdump tcpdump 5000558 8月 4 20:29 tcpdump.cap14
-rw-r--r-- 1 tcpdump tcpdump 5000654 8月 4 20:29 tcpdump.cap15
-rw-r--r-- 1 tcpdump tcpdump 5000892 8月 4 20:29 tcpdump.cap16
-rw-r--r-- 1 tcpdump tcpdump 5000690 8月 4 20:30 tcpdump.cap17
-rw-r--r-- 1 tcpdump tcpdump 5000620 8月 4 20:30 tcpdump.cap18
-rw-r--r-- 1 tcpdump tcpdump 925062 8月 4 20:30 tcpdump.cap19
-rw-r--r-- 1 tcpdump tcpdump 5000949 8月 4 20:27 tcpdump.cap2
-rw-r--r-- 1 tcpdump tcpdump 5002209 8月 4 20:27 tcpdump.cap3
-rw-r--r-- 1 tcpdump tcpdump 5000984 8月 4 20:27 tcpdump.cap4
-rw-r--r-- 1 tcpdump tcpdump 5001074 8月 4 20:28 tcpdump.cap5
-rw-r--r-- 1 tcpdump tcpdump 5001168 8月 4 20:28 tcpdump.cap6
-rw-r--r-- 1 tcpdump tcpdump 5000684 8月 4 20:28 tcpdump.cap7
-rw-r--r-- 1 tcpdump tcpdump 5000460 8月 4 20:28 tcpdump.cap8
-rw-r--r-- 1 tcpdump tcpdump 5000456 8月 4 20:28 tcpdump.cap9
3 parallelを使った場合のパケット検索にかかる時間
3.1 SYNパケットの検索時間
[root@admin tcpdump]# time ls tcpdump*|parallel --tagstring "{}:" --line-buffer -j +0 tshark -r {} 'tcp.flags.syn==1' and 'tcp.flags.ack==0' -n
-略-
tcpdump.cap: 20 7 192.168.0.100 -> 134.160.38.1 TCP 74 41444 > 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=3738362 TSecr=0 WS=128
-略-
real 0m11.983s
user 0m36.809s
sys 0m7.251s
tsharkを実行しているCPUを確認する。4つのCPUで実行していることがわかる。
[root@admin tcpdump]# ps -C tshark -o comm,psr
COMMAND PSR
tshark 1
tshark 2
tshark 0
tshark 3
3.2 NTPパケットの検索時間
[root@admin tcpdump]# time ls tcpdump*|parallel --tagstring "{}:" --line-buffer -j +0 tshark -r {} 'udp.port==123' -n
-略-
tcpdump.cap1: 717 1 192.168.0.100 -> 118.155.250.71 NTP 90 NTP Version 4, client
tcpdump.cap1: 756 2 118.155.250.71 -> 192.168.0.100 NTP 90 NTP Version 4, server
tcpdump.cap1: 792 2 192.168.0.100 -> 59.106.180.168 NTP 90 NTP Version 4, client
tcpdump.cap1: 859 2 59.106.180.168 -> 192.168.0.100 NTP 90 NTP Version 4, server
tcpdump.cap1: 1507 4 192.168.0.100 -> 104.198.83.7 NTP 90 NTP Version 4, client
tcpdump.cap1: 1524 4 104.198.83.7 -> 192.168.0.100 NTP 90 NTP Version 4, server
tcpdump.cap1: 3283 10 192.168.0.100 -> 52.198.17.95 NTP 90 NTP Version 4, client
tcpdump.cap1: 3317 10 52.198.17.95 -> 192.168.0.100 NTP 90 NTP Version 4, server
tcpdump.cap1: 3318 10 192.168.0.100 -> 52.198.17.95 ICMP 118 Destination unreachable (Port unreachable)
-以下、略-
real 0m10.357s
user 0m31.443s
sys 0m5.870s
3.3 DNSパケットの検索時間
[root@admin tcpdump]# time ls tcpdump*|parallel --tagstring "{}:" --line-buffer -j +0 tshark -r {} 'udp.port==53' -n
-略-
tcpdump.cap: 14 7 192.168.0.100 -> 192.168.3.1 DNS 72 Standard query 0xb756 A ftp.riken.jp
tcpdump.cap: 15 7 192.168.0.100 -> 192.168.3.1 DNS 72 Standard query 0x5427 AAAA ftp.riken.jp
tcpdump.cap: 18 7 192.168.3.1 -> 192.168.0.100 DNS 265 Standard query response 0xb756 CNAME riksun.riken.go.jp A 134.160.38.1
tcpdump.cap: 19 7 192.168.3.1 -> 192.168.0.100 DNS 148 Standard query response 0x5427 CNAME riksun.riken.go.jp
tcpdump.cap1: 3312 10 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0x7791 A 0.centos.pool.ntp.org
tcpdump.cap1: 3313 10 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0xfc75 AAAA 0.centos.pool.ntp.org
tcpdump.cap1: 3386 10 192.168.3.1 -> 192.168.0.100 DNS 136 Standard query response 0xfc75
tcpdump.cap12: Running as user "root" and group "root". This could be dangerous.
tcpdump.cap13: Running as user "root" and group "root". This could be dangerous.
tcpdump.cap12: 3008 7 192.168.0.100 -> 192.168.3.1 DNS 82 Standard query 0x18e5 A ntp.nict.jp
tcpdump.cap12: 3211 7 192.168.3.1 -> 192.168.0.100 DNS 249 Standard query response 0x18e5 ★A 133.243.238.163 A 133.243.238.164 A 133.243.238.243 A 133.243.238.244
-略-
tcpdump.cap3: 26 0 192.168.3.1 -> 192.168.0.100 DNS 136 Standard query response 0xc2ed
tcpdump.cap3: 1895 4 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0xfbe7 A 3.centos.pool.ntp.org
tcpdump.cap3: 1984 4 192.168.3.1 -> 192.168.0.100 DNS 503 Standard query response 0xfbe7 A 203.112.31.229 A 45.76.221.157 A 133.242.147.113 A 157.7.153.56
tcpdump.cap3: 1985 4 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0xc2ed AAAA 3.centos.pool.ntp.org
tcpdump.cap3: 2040 5 192.168.3.1 -> 192.168.0.100 DNS 136 Standard query response 0xc2ed
tcpdump.cap4: 727 2 192.168.0.100 -> 192.168.3.1 DNS 82 Standard query 0xc4e2 A ntp.nict.jp
tcpdump.cap4: 747 2 192.168.3.1 -> 192.168.0.100 DNS 249 Standard query response 0xc4e2 ★A 133.243.238.163 A 133.243.238.164 A 133.243.238.243 A 133.243.238.244
tcpdump.cap4: 3994 10 192.168.0.100 -> 192.168.3.1 DNS 82 Standard query 0x0fb6 A ntp.nict.jp
tcpdump.cap4: 4031 10 192.168.3.1 -> 192.168.0.100 DNS 249 Standard query response 0x0fb6 ★A 133.243.238.163 A 133.243.238.164 A 133.243.238.243 A 133.243.238.244
-以下、略-
real 0m10.133s
user 0m31.004s
sys 0m6.497s
3.4 ICMPパケットの検索時間
[root@admin tcpdump]# time ls tcpdump*|parallel --tagstring "{}:" --line-buffer -j +0 tshark -r {} 'icmp.type==8' or 'icmp.type==0' -n
-略-
tcpdump.cap14: 643 1 192.168.0.100 -> 192.168.0.1 ICMP 98 Echo (ping) request id=0x04fc, seq=1/256, ttl=64
tcpdump.cap14: 821 1 192.168.0.1 -> 192.168.0.100 ICMP 98 Echo (ping) reply id=0x04fc, seq=1/256, ttl=255 (request in 643)
-略-
tcpdump.cap5: 2167 5 192.168.0.100 -> 192.168.0.1 ICMP 98 Echo (ping) request id=0x04f3, seq=1/256, ttl=64
tcpdump.cap5: 2236 5 192.168.0.1 -> 192.168.0.100 ICMP 98 Echo (ping) reply id=0x04f3, seq=1/256, ttl=255 (request in 2167)
-略-
real 0m10.103s
user 0m31.098s
sys 0m5.644s
[root@admin tcpdump]#
4 parallelを使わない場合のパケット検索にかかる時間
4.1 SYNパケットの検索時間
[root@admin tcpdump]# time find . -name 'tcpdump*' -print -exec tshark -r {} 'tcp.flags.syn==1' and 'tcp.flags.ack==0' \;
./tcpdump.cap
Running as user "root" and group "root". This could be dangerous.
20 7 192.168.0.100 -> 134.160.38.1 TCP 74 41444 > http [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=3738362 TSecr=0 WS=128
-以下、略-
real 0m20.776s
user 0m17.906s
sys 0m2.789s
[root@admin tcpdump]#
4.2 NTPパケットの検索時間
[root@admin tcpdump]# time find . -name 'tcpdump*' -print -exec tshark -r {} 'udp.port==123' \;
./tcpdump.cap
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap1
Running as user "root" and group "root". This could be dangerous.
717 1 192.168.0.100 -> 118.155.250.71 NTP 90 NTP Version 4, client
756 2 118.155.250.71 -> 192.168.0.100 NTP 90 NTP Version 4, server
792 2 192.168.0.100 -> 59.106.180.168 NTP 90 NTP Version 4, client
859 2 59.106.180.168 -> 192.168.0.100 NTP 90 NTP Version 4, server
1507 4 192.168.0.100 -> 104.198.83.7 NTP 90 NTP Version 4, client
1524 4 104.198.83.7 -> 192.168.0.100 NTP 90 NTP Version 4, server
3283 10 192.168.0.100 -> 52.198.17.95 NTP 90 NTP Version 4, client
3317 10 52.198.17.95 -> 192.168.0.100 NTP 90 NTP Version 4, server
3318 10 192.168.0.100 -> 52.198.17.95 ICMP 118 Destination unreachable (Port unreachable)
./tcpdump.cap2
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap3
Running as user "root" and group "root". This could be dangerous.
2132 5 192.168.0.100 -> 203.112.31.229 NTP 90 NTP Version 4, client
2180 5 203.112.31.229 -> 192.168.0.100 NTP 90 NTP Version 4, server
2248 5 192.168.0.100 -> 117.102.176.202 NTP 90 NTP Version 4, client
2264 5 117.102.176.202 -> 192.168.0.100 NTP 90 NTP Version 4, server
2334 5 192.168.0.100 -> 150.95.148.140 NTP 90 NTP Version 4, client
2355 5 150.95.148.140 -> 192.168.0.100 NTP 90 NTP Version 4, server
2441 6 192.168.0.100 -> 153.128.30.125 NTP 90 NTP Version 4, client
2470 6 153.128.30.125 -> 192.168.0.100 NTP 90 NTP Version 4, server
3114 7 192.168.0.100 -> 203.112.31.229 NTP 90 NTP Version 4, client
3138 7 203.112.31.229 -> 192.168.0.100 NTP 90 NTP Version 4, server
3238 8 192.168.0.100 -> 117.102.176.202 NTP 90 NTP Version 4, client
3239 8 192.168.0.100 -> 150.95.148.140 NTP 90 NTP Version 4, client
3308 8 192.168.0.100 -> 153.128.30.125 NTP 90 NTP Version 4, client
3317 8 150.95.148.140 -> 192.168.0.100 NTP 90 NTP Version 4, server
3321 8 117.102.176.202 -> 192.168.0.100 NTP 90 NTP Version 4, server
3375 8 153.128.30.125 -> 192.168.0.100 NTP 90 NTP Version 4, server
3884 9 192.168.0.100 -> 203.112.31.229 NTP 90 NTP Version 4, client
3915 9 203.112.31.229 -> 192.168.0.100 NTP 90 NTP Version 4, server
4066 10 192.168.0.100 -> 150.95.148.140 NTP 90 NTP Version 4, client
4072 10 150.95.148.140 -> 192.168.0.100 NTP 90 NTP Version 4, server
4166 10 192.168.0.100 -> 153.128.30.125 NTP 90 NTP Version 4, client
4167 10 192.168.0.100 -> 117.102.176.202 NTP 90 NTP Version 4, client
4190 10 117.102.176.202 -> 192.168.0.100 NTP 90 NTP Version 4, server
4193 10 153.128.30.125 -> 192.168.0.100 NTP 90 NTP Version 4, server
4509 11 192.168.0.100 -> 203.112.31.229 NTP 90 NTP Version 4, client
4543 12 203.112.31.229 -> 192.168.0.100 NTP 90 NTP Version 4, server
-略-
real 0m21.999s
user 0m18.899s
sys 0m3.071s
4.3 DNSパケットの検索時間
[root@admin tcpdump]# time find . -name 'tcpdump*' -print -exec tshark -r {} 'udp.port==53' \;
./tcpdump.cap
Running as user "root" and group "root". This could be dangerous.
14 7 192.168.0.100 -> 192.168.3.1 DNS 72 Standard query 0xb756 A ftp.riken.jp
15 7 192.168.0.100 -> 192.168.3.1 DNS 72 Standard query 0x5427 AAAA ftp.riken.jp
18 7 192.168.3.1 -> 192.168.0.100 DNS 265 Standard query response 0xb756 CNAME riksun.riken.go.jp A 134.160.38.1
19 7 192.168.3.1 -> 192.168.0.100 DNS 148 Standard query response 0x5427 CNAME riksun.riken.go.jp
./tcpdump.cap1
Running as user "root" and group "root". This could be dangerous.
3312 10 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0x7791 A 0.centos.pool.ntp.org
3313 10 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0xfc75 AAAA 0.centos.pool.ntp.org
3386 10 192.168.3.1 -> 192.168.0.100 DNS 136 Standard query response 0xfc75
./tcpdump.cap2
Running as user "root" and group "root". This could be dangerous.
529 1 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0x7791 A 0.centos.pool.ntp.org
644 1 192.168.3.1 -> 192.168.0.100 DNS 503 Standard query response 0x7791 A 117.102.176.202 A 59.106.180.168 A 157.7.235.92 A 129.250.35.251
645 1 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0xfc75 AAAA 0.centos.pool.ntp.org
722 1 192.168.3.1 -> 192.168.0.100 DNS 136 Standard query response 0xfc75
727 1 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0x2211 A 1.centos.pool.ntp.org
728 1 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0xf04a AAAA 1.centos.pool.ntp.org
799 2 192.168.3.1 -> 192.168.0.100 DNS 136 Standard query response 0xf04a
2578 6 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0x2211 A 1.centos.pool.ntp.org
2646 7 192.168.3.1 -> 192.168.0.100 DNS 503 Standard query response 0x2211 A 150.95.148.140 A 157.7.154.29 A 106.185.31.36 A 172.104.105.31
2647 7 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0xf04a AAAA 1.centos.pool.ntp.org
2717 7 192.168.3.1 -> 192.168.0.100 DNS 136 Standard query response 0xf04a
2721 7 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0x19eb A 2.centos.pool.ntp.org
2722 7 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0x96fe AAAA 2.centos.pool.ntp.org
2833 7 192.168.3.1 -> 192.168.0.100 DNS 503 Standard query response 0x19eb A 178.32.222.29 A 46.19.96.19 A 91.206.16.3 A 199.182.221.110
4410 12 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0x19eb A 2.centos.pool.ntp.org
4507 12 192.168.3.1 -> 192.168.0.100 DNS 503 Standard query response 0x19eb A 153.128.30.125 A 116.58.172.182 A 45.76.218.213 A 45.76.98.188
4509 12 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0x96fe AAAA 2.centos.pool.ntp.org
4613 12 192.168.3.1 -> 192.168.0.100 DNS 441 Standard query response 0x96fe
4614 12 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0xfbe7 A 3.centos.pool.ntp.org
4615 12 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0xc2ed AAAA 3.centos.pool.ntp.org
./tcpdump.cap3
Running as user "root" and group "root". This could be dangerous.
26 0 192.168.3.1 -> 192.168.0.100 DNS 136 Standard query response 0xc2ed
1895 4 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0xfbe7 A 3.centos.pool.ntp.org
1984 4 192.168.3.1 -> 192.168.0.100 DNS 503 Standard query response 0xfbe7 A 203.112.31.229 A 45.76.221.157 A 133.242.147.113 A 157.7.153.56
1985 4 192.168.0.100 -> 192.168.3.1 DNS 81 Standard query 0xc2ed AAAA 3.centos.pool.ntp.org
2040 5 192.168.3.1 -> 192.168.0.100 DNS 136 Standard query response 0xc2ed
./tcpdump.cap4
Running as user "root" and group "root". This could be dangerous.
727 2 192.168.0.100 -> 192.168.3.1 DNS 82 Standard query 0xc4e2 A ntp.nict.jp
747 2 192.168.3.1 -> 192.168.0.100 DNS 249 Standard query response 0xc4e2 A 133.243.238.163 A 133.243.238.164 A 133.243.238.243 A 133.243.238.244
3994 10 192.168.0.100 -> 192.168.3.1 DNS 82 Standard query 0x0fb6 A ntp.nict.jp
4031 10 192.168.3.1 -> 192.168.0.100 DNS 249 Standard query response 0x0fb6 A 133.243.238.163 A 133.243.238.164 A 133.243.238.243 A 133.243.238.244
./tcpdump.cap5
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap6
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap7
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap8
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap9
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap10
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap11
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap12
Running as user "root" and group "root". This could be dangerous.
3008 7 192.168.0.100 -> 192.168.3.1 DNS 82 Standard query 0x18e5 A ntp.nict.jp
3211 7 192.168.3.1 -> 192.168.0.100 DNS 249 Standard query response 0x18e5 A 133.243.238.163 A 133.243.238.164 A 133.243.238.243 A 133.243.238.244
./tcpdump.cap13
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap14
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap15
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap16
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap17
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap18
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap19
Running as user "root" and group "root". This could be dangerous.
real 0m21.148s
user 0m18.002s
sys 0m3.125s
4.4 ICMPパケットの検索時間
[root@admin tcpdump]# time find . -name 'tcpdump*' -print -exec tshark -r {} 'icmp.type==8' or 'icmp.type==0' \;
./tcpdump.cap
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap1
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap2
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap3
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap4
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap5
Running as user "root" and group "root". This could be dangerous.
2167 5 192.168.0.100 -> 192.168.0.1 ICMP 98 Echo (ping) request id=0x04f3, seq=1/256, ttl=64
2236 5 192.168.0.1 -> 192.168.0.100 ICMP 98 Echo (ping) reply id=0x04f3, seq=1/256, ttl=255 (request in 2167)
./tcpdump.cap6
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap7
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap8
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap9
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap10
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap11
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap12
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap13
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap14
Running as user "root" and group "root". This could be dangerous.
643 1 192.168.0.100 -> 192.168.0.1 ICMP 98 Echo (ping) request id=0x04fc, seq=1/256, ttl=64
821 1 192.168.0.1 -> 192.168.0.100 ICMP 98 Echo (ping) reply id=0x04fc, seq=1/256, ttl=255 (request in 643)
./tcpdump.cap15
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap16
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap17
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap18
Running as user "root" and group "root". This could be dangerous.
./tcpdump.cap19
Running as user "root" and group "root". This could be dangerous.
real 0m20.091s
user 0m16.811s
sys 0m3.267s
5 検索時間の比較
parallelを使った場合と使わない場合の検索時間を比較しました。単位は秒です。
parallelを使った方が、検索時間が短いことがわかります。ただし、測定のたびにページキャッシュをクリアしていないため、結果がキャッシュの影響を受けている可能性があります。また、parallelを使った場合のコマンドにだけ -n(名前解決なし)を付けているので、厳密には同一条件での比較になっていません。
ファイルの数が多く、1つのファイルサイズが大きい場合は、さらに検索時間に差がでると思います。
| | SYN | NTP | DNS | ping |
|---|---|---|---|---|
| parallelを使った場合 | 12 | 10 | 10 | 10 |
| parallelを使わなかった場合 | 21 | 22 | 21 | 20 |