libpcap 1.0 huge packet drop?

[bored to death <bored_to_death85 () yahoo com>]

hi guys,

i'm having quite a problem with tcpdump 4.0.0

i'm trying to dump gigabit network traffic to file with tcpdump. at first, i was on Debian 5. i had tcpdump 3.9.8 (uses 
libpcap 0.9.8) installed and with upgrading network-related parameters of kernel, i had no packet drop and everything 
was fine. but then i installed tcpdump 4.0.0 (which uses libpcap 1.0) and this caused a huge packet drop in my receive. 
(in 700Mb tcp traffic, 1 out of 3 packets were being dropped)
i installed and checked dumpcap (comes with wireshark) and realized wireshark 1.2.6 which is built with libpcap 0.9.8 
doesn't have packet drop, but wireshark 1.2.7 which is built with libpcap 1.0 has the same problem and packets are 
hugely being dropped. (i'm not sure about wireshark versions)

so does libpcap 1.0 really have this bad bug or i'm doing something wrong?

also, i tested tcpdump 3.9.7(with libpcap 0.9.7) and tcpdump 4.0.0 (with libpcap 1.0) on FreeBSD 8.0 (700Mb tcp 
traffic) and result was almost the same. (packet drop with tcpdump 4.0 was 6 times more than tcpdump 3.9.7, though here 
i couldnt make tcpdump 3.9.7 to dump with zero packet loss)

any ideas?

thank you.



      -
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.