Package: tcpspy Version: 1.6-2 Severity: minor Hoi again :) tcpspy consumes much more cpu time than comparable tools like ippl or even snort (around 200% more than snort). Maybe looking at those sources could help in major performance improves? regards, Mario
Hello! | tcpspy consumes much more cpu time than comparable tools like ippl | or even snort (around 200% more than snort). | Maybe looking at those sources could help in major performance | improves? Again, I've forwarded this bug report to tcpspy upstream author, and he replied: "#97179 - Yes, the way tcpspy currently monitors is slow, but it monitors in a much different way than other network monitors. It can't be compared to snort, etc. because snort doesn't give you information about the user or the program making the connection. The only way I can think of making tcpspy much faster is by modifying the kernel. The -p option dramatically slows down monitoring, as noted in the manual page." I'll help him along with this. Maybe there are some code optimizations we can make... If anyone heard of something, msg-me. []s Pablo
Hoi again :) I don't use the -p flag, but i've had a look at the net-tools package with netstat (-p) and it seems, that netstat also looks at /proc and netstat can cache it, because it runs once and finishes, this is nothing, tcpspy could do, because it had to keep the cache consistent. But maybe one could make the 'show user' thingy commandline-switchable too (maybe a disable-flag), it *should* be as fast as ippl then... regards, Mario
Hello! I've talked to the upstream author of tcpspy, and he stated (as can also be seen at his webpage - http://users.rendrag.net/~tim/software/tcpspy.html) that the bug #97179 will not be fixed until tcpspy reaches v2.0. The new 1.7 version addresses this by putting a warning message when tcpspy detects it is running too slow. Thus, I'll be waiting v2.0 to close this... for now I'll add a wontfix tag for this bug []s Pablo