
Wireshark-dev: Re: [Wireshark-dev] How can I make wireshark quicker capturing packets?

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Wed, 17 Jan 2007 12:29:10 +0100
david lopez wrote:

Hi

I'm developing a position system for my PhD. This system is based on Round Trip Time measurements. I'm getting the timestamp of the packets using Tethereal and the Mactime in the Prism Monitor Header.

My problem is: the sniffer is too slow. When I'm flooding the receiver with pings, using the Linux command ping -f, if I send X in one second I cannot get this number of packets in the sniffer, I always get less, around the 10%. It is like the sender is quicker generating than the sniffer capturing them. How can I improve the number of captured packets per second in the sniffer?

The sequence that I'm sending and trying to capture is a ping sequence using Request to send/Clear to send, so the whole sequence is:

-Request to send

-Clear to send

-Request (ping)

-Acknowledge

-Reply (ping)

-Acknowledge

I'm only interested in the RTS and CTS timestamps, can I filter out the Request, Reply and Ack packets using tcpdump filters in Tethereal? Maybe in this way I'll be quicker.

see http://wiki.wireshark.org/Performance


Regards, ULFL