Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-dev: Re: [Wireshark-dev] dropped packets stats for dumpcap/tshark ring buffer mode

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 09 Oct 2008 08:42:58 +0200

Hi,
Thinking about this makes me wonder if this is sufficient. When 36 ethernet ports can cause packet drops on the capture interface then probably the monitor port will be dropping packets too. How are you going to account for that? 

Thanks,
Jaap

Filonenko Alexander-AAF013 wrote:
Using tshark ring buffer mode on a server capturing data 24/7 from 36 Ethernet ports. Users are taking ring buffers as needed via remote access and some scripts which simplify access/merge/processing. Traffic is bursty and I need to know if any packets were dropped while particular ring buffer file was captured. Obviously could get summary of how many packets were dropped when tshark is stopped, but it is running 24/7 and should not stop. Ideally would like a separate file stored for each ring buffer by tshark with number of packets dropped. Using Perl with Net::Pcap might be able to help determine if packets were dropped in real-time (not sure if this is going to work with tshark). 
Any other approaches?
Thank you, 
Alex Filonenko
  • Follow-Ups:
    • Re: [Wireshark-dev] dropped packets stats for dumpcap/tshark ring buffer mode
      • From: Filonenko Alexander-AAF013
  • References:
    • [Wireshark-dev] dropped packets stats for dumpcap/tshark ring buffer mode
      • From: Filonenko Alexander-AAF013
  • Prev by Date: [Wireshark-dev] Link Quality Source Routing (LQSR) support in Wireshark
  • Next by Date: Re: [Wireshark-dev] displaying TLV parameters- proto_tree_add_item_hidden for type no longer available, now have one line for type, one line for value
  • Previous by thread: [Wireshark-dev] dropped packets stats for dumpcap/tshark ring buffer mode
  • Next by thread: Re: [Wireshark-dev] dropped packets stats for dumpcap/tshark ring buffer mode
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation