Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Wireshark for Beacon Sniffing

From: Johne Cookcely <johne1921@xxxxxxxx>
Date: Wed, 21 Jan 2009 20:26:31 -0500
Hi! Wireshark just crashed "segmentation fault", so I can't tell for the long trace, unless its possible to extract from the file logged to disk...............
I ran a short 4min 10000 packet trace and 0 packets "Lost" at the bottom of the screen. Do note I use the latest versions of all software as noted.......................
I'm running a longer one again now.........................

> From: guy@xxxxxxxxxxxx
> To: wireshark-users@xxxxxxxxxxxxx
> Date: Wed, 21 Jan 2009 17:10:08 -0800
> Subject: Re: [Wireshark-users] Wireshark for Beacon Sniffing
>
>
> On Jan 21, 2009, at 4:47 PM, Johne Cookcely wrote:
>
> > Hi! OmniPeek was on Windows xpsp2, Wireshark is on Linux ubuntu8.04.
>
> "Same location, same channel, same card" doesn't necessarily imply
> "same experience", as there's a bunch of software in the way.
>
> In particular, the capture code path for Wireshark-on-Linux might drop
> more packets than the capture code path for OmniPeek-on-Windows.
>
> When you stop the capture, the status bar (if it's displayed) should
> show
>
> Packets: {N} Displayed: {N} Marked: 0 Dropped: {M}
>
> for some values of N and M. If M isn't zero, some packets were
> dropped because the capture code path wasn't fast enough to capture
> them and save them to disk; 293149 beacons/hour is about 81 beacons/
> second, so I could imagine packets getting dropped. How many are
> getting dropped?
>
> (Ubuntu 8.04 should have a recent enough libpcap that it will report
> how many packets were dropped by the Linux capture mechanism because
> they weren't getting processed fast enough, so Wireshark should be
> able to report a count of dropped packets.)
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


Windows Live™: E-mail. Chat. Share. Get more ways to connect. Check it out.