Wireshark-users: Re: [Wireshark-users] Two questions on wireshark

From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Thu, 27 Sep 2007 13:22:12 -0700

----- Original Message -----
From: "Sake Blok" <sake@xxxxxxxxxx>
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Sent: Wednesday, September 26, 2007 3:59 PM
Subject: Re: [Wireshark-users] Two questions on wireshark

On Wed, Sep 26, 2007 at 03:41:09PM +0200, Matthias Feurstein wrote:

1: How well does Wireshark perform with gigabit ethernet? For example
occasionally I have a burst of "ACKed Lost Segment" packets (about a dozen,
sometimes more, sometimes less) coming from the hw we are testing. It looks
like erroneous behavior by the component I am testing since there is very
little time between these packets (some us's) but I wonder if maybe
wireshark might miss some packets?

Wireshark itself does not perform as well since it needs to keep state of
conversations. It shows you an indication of how many packets it was
not able to process in the discarded packets in the summary.

However, Wireshark uses the executable dumpcap to do the actual
capturing. Dumpcap has been written to do *just* that. Capture
packets and write them to disk. It is very good at its task :-)

Whether it can keep up with a full Gbit/s load is up to the type
of card used, the drivers and OS used and the CPU and mem specs
of the machine running it. I haven't tested it myself, but I think
a decent PC with a decent Gbit card should be able to capture a
full Gbit/s load.

Anyone able to share some hardware specs and the performance that
can be seen with that hardware?

Has anyone any updated testbeds/numbers/whatever on this?

Have a nice day