Wireshark-users: Re: [Wireshark-users] Mysterious packet loss during capture

From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Fri, 9 Oct 2009 08:55:16 -0700

Are you dumping to disk with tcpdump?

Have a nice day
GV

----- Original Message ----- From: <gkrames@xxxxxxx>

To: <wireshark-users@xxxxxxxxxxxxx>
Sent: Thursday, October 08, 2009 12:58 PM
Subject: [Wireshark-users] Mysterious packet loss during capture

Hi all,

I am fighting for a while now with occasional packet loss during
capture in promiscous mode.
Environment: Linux 2.6.27, 32 bit, NIC e1000e, 100MBit network with
4MBit/s actual traffic (4%), wireshark 1.2.2;
the capturing PC has <5% CPU load and >1 GB free phys. memory).

My test case captures 100K packets (using the -c) option.
A random number of packets is dropped (about 20..2000) with ever run.

tcpdump, dumpcap, tshark, and wireshark show this behaviour.
Interestingly, tcpdump says "nn packets dropped by kernel".
So this is most likely a kernel/network stack problem.

Trials playing with some kernel sysctl parameters
(increasing various buffer sizes, decreasing sheduler granularity
and others) has not improved anything so far.

ethtool -G eth0 rx-usecs 250 (or 125), limitting interrupts
to 4000 or 8000 /sec, has reduced the packet loss but still it is
there.

Any ideas what else I could try?
Also any hint would be appreciated how to find out why the kernel
decides to drop some packets.

Thanks,
Gerfl






--

Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3.5 -

sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe