tcpdump mailing list archives
Re: How to tell if application is handling packets
From: Chris Morgan <chmorgan () gmail com>
Date: Sat, 26 Dec 2009 18:13:49 -0500
On Sat, Dec 26, 2009 at 5:02 PM, Guy Harris <guy () alum mit edu> wrote:
On Dec 26, 2009, at 9:27 AM, Chris Morgan wrote:I have a case where it appears that packets are being missed or dropped. I wonder if this is due to too much processing being done in the pcap_dispatch() handler in my application in cases where there are bursts of packets like facebook chat messages or website visits. My question is how to detect this situation at runtime or via a test case. I thought of using pcap_stats() but I wasn't sure if pcap_stat.ps_drop was the number of packets that were dropped only due to buffer overruns due to the application callback not processing packets quick enough, or if this count referred to duplicate/error packets and/or packets dropped due to buffer overruns.On what version of OS are you capturing the traffic (for a Linux distribution, give the kernel version), and with what version of libpcap are you doing this? ps_drop is *supposed* to reflect only packets dropped due to buffer overruns, but
Ahh, so ps_drop might work for this. Users are reporting issues on Windows with the latest winpcap release but I do a lot of my testing under Linux, Ubuntu 9.10, 2.6.31 x64. I'd be doing the drop testing under Linux initially. On Linux its pcap version 2.4 from pcap.h although the package is listed as version 0.8.
1) on some OSes, the capture mechanism doesn't make that information available; 2) there were, I think, bugs in some versions of libpcap on some platforms that caused ps_drop not to correctly reflect that. I don't *think* any of those bugs caused it to count packets dropped due to network errors, and libpcap and the capture mechanisms it uses don't drop duplicate packets.- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Chris - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- How to tell if application is handling packets too slowly, causing them to be missed? Chris Morgan (Dec 26)
- Re: How to tell if application is handling packets too slowly, causing them to be missed? Guy Harris (Dec 26)
- Re: How to tell if application is handling packets Chris Morgan (Dec 26)
- Re: How to tell if application is handling packets Guy Harris (Dec 26)
- Re: How to tell if application is handling packets Chris Morgan (Dec 26)
- Re: How to tell if application is handling packets Chris Morgan (Dec 26)
- Re: How to tell if application is handling packets too slowly, causing them to be missed? Guy Harris (Dec 26)