Wireshark · Wireshark-users: [Wireshark-users] Experiencing Packet Loss in High Volume Packet Capture Application using DUMPCAP

Wireshark-users: [Wireshark-users] Experiencing Packet Loss in High Volume Packet Capture Applica

From: John Powell <jrp999@xxxxxxxxx>

Date: Fri, 23 Nov 2012 16:31:05 -0600

Hi Everyone,

I am running CentOS 6.3 on a HP 8200 using 3TB WD Green drives using a EXT4 file system.

I am using Wireshark 1.8.2 compiled from source.

I am using DUMPCAP to rotate and store historical Packet Captures.

Whether I capture the packets with Wireshark or view the DUMPCAP created file, I see dropouts in the packets being captured.

I tried to turning off journalling but this did not seem to help much:

umount /dev/mapper/VolGroup00-LogVol_Data

/sbin/tune2fs -o journal_data_writeback /dev/mapper/VolGroup00-LogVol_Data

/sbin/tune2fs -O ^has_journal /dev/mapper/VolGroup00-LogVol_Data

/sbin/e2fsck -f /dev/mapper/VolGroup00-LogVol_Data

I have a attached a couple of IOGraphs from Wireshark showing the packet drops.

Thanks alot!

-John

Attachment: wireshark packet drops.docx
Description: MS-Word 2007 document

Follow-Ups:
- Re: [Wireshark-users] Experiencing Packet Loss in High Volume Packet Capture Application using DUMPCAP
  - From: Banyan He
- Re: [Wireshark-users] Experiencing Packet Loss in High Volume Packet Capture Application using DUMPCAP
  - From: Jeff Morriss

Prev by Date: Re: [Wireshark-users] Wireshark 1.8.0 is now available
Next by Date: [Wireshark-users] eth.fcs==0x00000000
Previous by thread: Re: [Wireshark-users] Wireshark 1.8.0 is now available
Next by thread: Re: [Wireshark-users] Experiencing Packet Loss in High Volume Packet Capture Application using DUMPCAP
Index(es):
- Date
- Thread