Wireshark · Wireshark-dev: Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing with dropped packets

[Anders Broman <a.broman58@xxxxxxxxx>]

Den tis 1 jan. 2019 02:09 skrev Guy Harris <guy@xxxxxxxxxxxx>:

On Dec 31, 2018, at 5:05 PM, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:

> However, I think maybe I have discovered how to prevent that. Increase
> the buffer size given to dumpcap (2GB or more.)

What happens if you use tcpdump rather than dumpcap?  At least at one point (I think when the changes to libpcap to support memory-mapped packet capture on Linux were being done, the person who made them did some tests with and without memory-mapped capture with both tcpdump and dumpcap) tcpdump lost significantly fewer packets than dumpcap (probably due to the simpler capture code path).

It would be really interesting to see how the pull request to use dpdk would perform too.

Regards 

Anders 

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe