Wireshark · Wireshark-dev: Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing with dropped packets

Wireshark-dev: Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing wit

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Mon, 31 Dec 2018 17:09:00 -0800

On Dec 31, 2018, at 5:05 PM, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:

> However, I think maybe I have discovered how to prevent that. Increase
> the buffer size given to dumpcap (2GB or more.)

What happens if you use tcpdump rather than dumpcap?  At least at one point (I think when the changes to libpcap to support memory-mapped packet capture on Linux were being done, the person who made them did some tests with and without memory-mapped capture with both tcpdump and dumpcap) tcpdump lost significantly fewer packets than dumpcap (probably due to the simpler capture code path).

Follow-Ups:
- Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing with dropped packets
  - From: Anders Broman
- Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing with dropped packets
  - From: Richard Sharpe

References:
- Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing with dropped packets
  - From: Richard Sharpe

Prev by Date: Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing with dropped packets
Next by Date: Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing with dropped packets
Previous by thread: Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing with dropped packets
Next by thread: Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing with dropped packets
Index(es):
- Date
- Thread