Wireshark-dev: Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing wit
From: Anders Broman <[email protected]>
Date: Tue, 1 Jan 2019 02:15:48 +0100


Den tis 1 jan. 2019 02:09 skrev Guy Harris <[email protected]>:
On Dec 31, 2018, at 5:05 PM, Richard Sharpe <[email protected]> wrote:

> However, I think maybe I have discovered how to prevent that. Increase
> the buffer size given to dumpcap (2GB or more.)

What happens if you use tcpdump rather than dumpcap?  At least at one point (I think when the changes to libpcap to support memory-mapped packet capture on Linux were being done, the person who made them did some tests with and without memory-mapped capture with both tcpdump and dumpcap) tcpdump lost significantly fewer packets than dumpcap (probably due to the simpler capture code path).

It would be really interesting to see how the pull request to use dpdk would perform too.
Regards 
Anders 


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe