tcpdump mailing list archives
Re: Multi process sniffing and dropped packets
From: Guy Harris <guy () alum mit edu>
Date: Thu, 12 Jan 2006 17:24:29 -0800
On Jan 12, 2006, at 3:11 PM, computational_complex-forthespam () yahoo it wrote:
- every process executes an infinite loop in which pcap_next() is called.
- every process executes a pcap_loop() call.
So does each process execute a pcap_open_live() call? Or do you do that in the main process and then fork multiple subprocesses?
In the former case, each process will probably get its own copy of each of the packets received, rather than the packets being distributed amongst the processes.
In the latter case, that *might* work, but I don't know whether it's guaranteed to work on all platforms.
Anyway, I would like to know how ps_drop in struct pcap_stat is calculated; is this the number of packets that the network card drops?
No.
Or does it count pcap library dropped packets?
No - the library doesn't "drop" packets in that sense. It counts the number of packets dropped by the kernel's packet capture mechanism (if the packet capture mechanism even bothers to count those drops - some don't, so you might get a 0 value for ps_drop even if packets were dropped) because it ran out of buffer space.
If it's in the latter case, why does the lib drop packets? Is there a buffer full?
Yes.
Can I enlarge this buffer?
It might be possible, on some OSes, but the way it's done is OS-dependent - and you can't do it with BPF once the BPF device has been bound to a network adapter, so you can't do it once pcap_open_live() has finished.
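
A simplified model of the buffer behaviour described in the reply above, added here as an illustration; it is not code from the post, from libpcap, or from any kernel. The names capture_model, model_tick and simulate_drops are hypothetical, and the buffer is measured in packets rather than bytes to keep the model small.

```c
#include <stdio.h>

/* Simplified model (an assumption for illustration, not libpcap or kernel
 * code): a fixed-size capture buffer filled by the kernel and drained by
 * the sniffing process. */
struct capture_model {
    unsigned capacity;   /* buffer size, in packets */
    unsigned queued;     /* packets waiting for the reader */
    unsigned delivered;  /* packets handed to the reader */
    unsigned dropped;    /* plays the role of ps_drop */
};

/* One time step: `arrivals` packets come off the wire, then the reader
 * takes at most `reads` packets out of the buffer. */
static void model_tick(struct capture_model *m, unsigned arrivals, unsigned reads)
{
    for (unsigned i = 0; i < arrivals; i++) {
        if (m->queued < m->capacity)
            m->queued++;
        else
            m->dropped++;            /* no buffer space left: counted drop */
    }
    unsigned n = reads < m->queued ? reads : m->queued;
    m->queued -= n;
    m->delivered += n;
}

/* Run `ticks` steps with a burst of `burst` packets every `period` ticks
 * and a reader that drains `reads` packets per tick; return the drops. */
static unsigned simulate_drops(unsigned capacity, unsigned ticks,
                               unsigned burst, unsigned period, unsigned reads)
{
    struct capture_model m = { capacity, 0, 0, 0 };
    for (unsigned t = 0; t < ticks; t++)
        model_tick(&m, (t % period == 0) ? burst : 0, reads);
    return m.dropped;
}

int main(void)
{
    /* Bursts of 100 packets every 10 ticks, reader handles 10 per tick. */
    printf("small buffer (32):  %u dropped\n", simulate_drops(32, 100, 100, 10, 10));
    printf("large buffer (128): %u dropped\n", simulate_drops(128, 100, 100, 10, 10));
    /* Sustained overload: 20 per tick in, 10 per tick out. */
    printf("overload, 128:      %u dropped\n", simulate_drops(128, 100, 20, 1, 10));
    return 0;
}
```

In this model the larger buffer absorbs the bursts completely, while under sustained overload it only delays the point at which drops start.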