There is a significant performance difference when processing pcap files

[ARCHER359]

Hello,
When I was processing a 60MB api.pcapng file on an Apple M1 Pro computer, I noticed significant differences in processing speeds among different tools:
Using lnav -n -c ":quit" api.pcapng, it took approximately 35 seconds
Using tshark -r api.pcapng -Y "http" -T fields -e http.request.uri > /dev/null, it takes about 0.6 seconds
I am currently developing a pcap analysis tool and would like to utilize the SQL functionality of lnav, but the long loading time hinders its interactive use. Could you provide some optimization suggestions.
Thanks for any guidance! 🚀

[tstack]

lnav converts the pcap file with tshark -T ek -P -V -t ad, which is pretty slow. I should probably add a way to plumb filter flags to the command to reduce the amount of processing.