Wireshark mailing list archives
Re: Something that would be useful in Wireshark when dealing with dropped packets
From: Guy Harris <guy () alum mit edu>
Date: Mon, 31 Dec 2018 17:09:00 -0800
On Dec 31, 2018, at 5:05 PM, Richard Sharpe <realrichardsharpe () gmail com> wrote:
However, I think maybe I have discovered how to prevent that. Increase the buffer size given to dumpcap (2GB or more.)
What happens if you use tcpdump rather than dumpcap? At least at one point (I think when the changes to libpcap to support memory-mapped packet capture on Linux were being done, the person who made them did some tests with and without memory-mapped capture with both tcpdump and dumpcap) tcpdump lost significantly fewer packets than dumpcap (probably due to the simpler capture code path). ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Something that would be useful in Wireshark when dealing with dropped packets Richard Sharpe (Dec 30)
- Re: Something that would be useful in Wireshark when dealing with dropped packets ronnie sahlberg (Dec 30)
- Re: Something that would be useful in Wireshark when dealing with dropped packets Richard Sharpe (Dec 31)
- Re: Something that would be useful in Wireshark when dealing with dropped packets Guy Harris (Dec 31)
- Re: Something that would be useful in Wireshark when dealing with dropped packets Anders Broman (Dec 31)
- Re: Something that would be useful in Wireshark when dealing with dropped packets Richard Sharpe (Dec 31)
- Re: Something that would be useful in Wireshark when dealing with dropped packets ronnie sahlberg (Dec 30)