Wireshark-dev: Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing wit
From: Richard Sharpe <[email protected]>
Date: Tue, 1 Jan 2019 16:33:56 -0800
On Mon, Dec 31, 2018 at 5:09 PM Guy Harris <[email protected]> wrote:
> On Dec 31, 2018, at 5:05 PM, Richard Sharpe <[email protected]> wrote:
> > However, I think maybe I have discovered how to prevent that. Increase
> > the buffer size given to dumpcap (2GB or more.)
> What happens if you use tcpdump rather than dumpcap?  At least at one point (I think when the changes to libpcap to support memory-mapped packet capture on Linux were being done, the person who made them did some tests with and without memory-mapped capture with both tcpdump and dumpcap) tcpdump lost significantly fewer packets than dumpcap (probably due to the simpler capture code path).

I was capturing on Windows so, AFAIAA, tcpdump was not an option.

Richard Sharpe