Wireshark mailing list archives
Re: Something that would be useful in Wireshark when dealing with dropped packets
From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Tue, 1 Jan 2019 16:33:56 -0800
On Mon, Dec 31, 2018 at 5:09 PM Guy Harris <guy () alum mit edu> wrote:
On Dec 31, 2018, at 5:05 PM, Richard Sharpe <realrichardsharpe () gmail com> wrote:However, I think maybe I have discovered how to prevent that. Increase the buffer size given to dumpcap (2GB or more.)What happens if you use tcpdump rather than dumpcap? At least at one point (I think when the changes to libpcap to support memory-mapped packet capture on Linux were being done, the person who made them did some tests with and without memory-mapped capture with both tcpdump and dumpcap) tcpdump lost significantly fewer packets than dumpcap (probably due to the simpler capture code path).
I was capturing on Windows so, AFAIAA, tcpdump was not an option. -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者) ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Something that would be useful in Wireshark when dealing with dropped packets Richard Sharpe (Jan 01)