git.ipfire.org Git - thirdparty/suricata.git/commitdiff
doc: packet profiling
author Jason Ish <ish@unx.ca>
Thu, 17 Dec 2015 17:12:00 +0000 (11:12 -0600)
committer Victor Julien <victor@inliniac.net>
Wed, 28 Sep 2016 11:11:10 +0000 (13:11 +0200)
doc/sphinx/performance/index.rst
doc/sphinx/performance/packet-profiling.rst [new file with mode: 0644]

index 532b61ad20ecb27339349c9b976c2f5ca2a549ee..23bd8fc5f68f2b0683ac7ae9b86c673311dc0b11 100644 (file)
@@ -6,3 +6,4 @@ Performance
    high-performance-config
    tuning-considerations
    statistics
+   packet-profiling
diff --git a/doc/sphinx/performance/packet-profiling.rst b/doc/sphinx/performance/packet-profiling.rst
new file mode 100644 (file)
index 0000000..f93deb6
--- /dev/null
@@ -0,0 +1,58 @@
+Packet Profiling
+================
+
+In this guide will be explained how to enable packet profiling and use
+it with the most recent code of Suricata on Ubuntu. It is based on the
+assumption that you have already installed Suricata once from the GIT
+repository.
+
+Packet profiling is convenient in case you would like to know how long
+packets take to be processed. It is a way to figure out why certain
+packets are being processed quicker than others, and this way a good
+tool for developing Suricata.
+
+Update Suricata by following the steps from [[Installation from
+Git]]. Start at the end at
+
+::
+
+  cd suricata/oisf
+  git pull
+
+And follow the described next steps. To enable packet profiling, make
+sure you enter the following during the configuring stage:
+
+::
+
+  ./configure --enable-profiling
+
+Find a folder in which you have pcaps. If you do not have pcaps yet,
+you can get these with Wireshark. See [[Sniffing Packets with
+Wireshark]].
+
+Go to the directory of your pcaps. For example:
+
+::
+
+  cd  ~/Desktop
+
+With the ls command you can see the content of the folder.  Choose a
+folder and a pcap file
+
+for example:
+
+::
+
+  cd ~/Desktop/2011-05-05
+
+Run Suricata with that pcap:
+
+::
+
+  suricata -c /etc/suricata/suricata.yaml -r log.pcap.(followed by the number/name of your pcap)
+
+for example:
+
+::
+
+  suricata -c /etc/suricata/suricata.yaml -r log.pcap.1304589204
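Review bot: the two `[[Installation from Git]]` and `[[Sniffing Packets with Wireshark]]` references in this new file are wiki-style links that Sphinx will render as literal brackets, not as links; they should become `:doc:` or `:ref:` cross-references to the corresponding pages in `doc/sphinx`, or be dropped if no such page exists there. The same hunk also has several wording problems worth fixing before merge: "In this guide will be explained how to enable" reads better as "This guide explains how to enable", "and this way a good tool for developing Suricata" should be "and is therefore a useful tool when developing Suricata", and "Start at the end at" followed by a code block is hard to follow (say where in that other page the reader should resume). The command placeholder `suricata -c /etc/suricata/suricata.yaml -r log.pcap.(followed by the number/name of your pcap)` is not a valid invocation as shown; use an obvious placeholder such as `-r <your-pcap-file>` and keep the concrete `log.pcap.1304589204` example that follows. Minor: `cd  ~/Desktop` has a double space, and `cd suricata/oisf` assumes a checkout path that is not explained anywhere in the file. Finally, the guide stops right after running Suricata on the pcap and never says where the profiling output is written or how to read it, which is the part a reader enabling `--enable-profiling` actually needs; a closing section pointing at the output file and its format would make the page complete.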