Home page logo
/

wireshark logo Wireshark mailing list archives

Re: Experiencing Packet Loss in High Volume Packet Capture Application using DUMPCAP
From: Banyan He <banyan () rootong com>
Date: Sun, 25 Nov 2012 18:31:38 +0800

check out netstat -s seeing if you can find where it is being dropped. Also remember ethtool -s <int> for the NIC driver level. You probably can try out tcpdump for the capture as well seeing if you can find the difference. Just in case, it is the problem with wireshark.

------------
Banyan He
Blog: http://www.rootong.com
Email: banyan () rootong com

On 2012-11-24 6:31 AM, John Powell wrote:
Hi Everyone,

I am running CentOS 6.3 on a HP 8200 using 3TB WD Green drives using a EXT4 file system.

I am using Wireshark 1.8.2 compiled from source.

I am using DUMPCAP to rotate and store historical Packet Captures.

Whether I capture the packets with Wireshark or view the DUMPCAP created file, I see dropouts in the packets being captured.

I tried to turning off journalling but this did not seem to help much:

umount /dev/mapper/VolGroup00-LogVol_Data

/sbin/tune2fs -o journal_data_writeback /dev/mapper/VolGroup00-LogVol_Data

/sbin/tune2fs -O ^has_journal /dev/mapper/VolGroup00-LogVol_Data

/sbin/e2fsck -f /dev/mapper/VolGroup00-LogVol_Data


I have a attached a couple of IOGraphs from Wireshark showing the packet drops.

Thanks alot!

-John

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]