HUGE packet-drop

["M. V." <bored_to_death85 () yahoo com>]

hi guys,

i'm stucked with a confusing problem. i'm trying to dump gigabit network traffic 
to file. i'm using Debian5.0.3 AMD64 on an HP Proliant DL360 G5 (2*Quad-Core 
2.33 hz - 4GiB RAM - 2*76GiB HardDisk). but whatever i try, even at 600Mbps 
rate, i got a huge packet-drop.

*) i tried both tcpdump (1.1.1) && dumpcap (1.4.3) : (got similar results)
- dumpcap -i eth0 -w /dump_folder/dump.pcap [-b filesize:150000] -s 0
- tcpdump -i eth0 -w /dump_folder/dump.pcap -s 0

*) i tried recompiling those two, with different libpcap versions (0.9.8 has 
best result, and i tried 1.0 and .1.1.1)

*) i tried playing with kernel parameters:
net.core.rmem_default = 40971510
net.core.rmem_max = 40971510
net.core.wmem_default = 40971510
net.core.wmem_max = 40971510
net.core.netdev_max_backlog = 300000
net.ipv4.tcp_timestamps = 0 
net.ipv4.tcp_sack = 1 
net.ipv4.tcp_window_scaling = 1
net.core.optmem_max = 2048000
....

*) i even tried writing on different disks (SDD, RamDisk): no change in results.
-----------------------------------------------------------------------------------------

the result is not good at all. these are my tests and results:
* iperf server: iperf -s -u 5
* iperf client : iperf -c ... -u -b 600m -t 10000

for dumping traffic at 600Mbps for 150 seconds, this is the best result i had so 
far:
total received packets: ~8,000,000
dropped packets: ~3,500,000

so my best result is more than 40% packet-drop, which is a disaster.

can anyone help me with this? any suggestions? am i doing something terribly 
wrong?

thank you.


      -
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.