Do you have another box you could try, maybe there is something with that hardware under linux? I think I would try ether a different NIC under linux or a windows box just to see how things change
Hope that helps
tim
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of gkrames@xxxxxxx
Sent: Friday, October 09, 2009 4:12 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Mysterious packet loss during capture
Thanks, but "-n" is already in use (sorry I forgot to mention this
detail). Also it would not explain packet loss by dumpcap.
New observation: Packet loss is reduced using "-w /dev/null",
but it is still there.
Gerfl
Abhijit Bare schrieb:
> If you have dns lookups on (converting IP addresses to hostnames) during
> packet captures, packet losses might occur. Try without dns lookups -
> tcpdump "-n" on Linux
>
> - Abhijit
>
> On Thu, Oct 8, 2009 at 1:58 PM, <gkrames@xxxxxxx
> <mailto:gkrames@xxxxxxx>> wrote:
>
> Hi all,
>
> I am fighting for a while now with occasional packet loss during
> capture in promiscous mode.
> Environment: Linux 2.6.27, 32 bit, NIC e1000e, 100MBit network with
> 4MBit/s actual traffic (4%), wireshark 1.2.2;
> the capturing PC has <5% CPU load and >1 GB free phys. memory).
>
> My test case captures 100K packets (using the -c) option.
> A random number of packets is dropped (about 20..2000) with ever run.
>
> tcpdump, dumpcap, tshark, and wireshark show this behaviour.
> Interestingly, tcpdump says "nn packets dropped by kernel".
> So this is most likely a kernel/network stack problem.
>
> Trials playing with some kernel sysctl parameters
> (increasing various buffer sizes, decreasing sheduler granularity
> and others) has not improved anything so far.
>
> ethtool -G eth0 rx-usecs 250 (or 125), limitting interrupts
> to 4000 or 8000 /sec, has reduced the packet loss but still it is
> there.
>
> Any ideas what else I could try?
> Also any hint would be appreciated how to find out why the kernel
> decides to drop some packets.
>
> Thanks,
> Gerfl
>
>
>
>
>
>
> --
> Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla
> Firefox 3.5 -
> sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list
> <wireshark-users@xxxxxxxxxxxxx <mailto:wireshark-users@xxxxxxxxxxxxx>>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx
> <mailto:wireshark-users-request@xxxxxxxxxxxxx>?subject=unsubscribe
>
>
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
