Wireshark-dev: Re: [Wireshark-dev] [Winpcap-users] RE: ring buffer
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Thu, 8 May 2008 17:02:40 -0700
----- Original Message ----- From: "Maria de Fatima Requena" <MariaF.Requena@xxxxxx> 
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Cc: <winpcap-users@xxxxxxxxxxx>
Sent: Tuesday, May 06, 2008 11:27 PM
Subject: [Winpcap-users] RE: [Wireshark-dev] ring buffer
We thought about that, so at packet handler method what I do is pushing packets inside a global queue just to avoid interfering with packets capture. A different thread is in charge of popping packets and manage them. Both threads have same priority at the moment, I don't know if I should change this somehow.
Well, if you are pushing packets in a queue, you are probably copying them, which introduced overhead. And since it's a queue shared by 2 thread, you surely have some sort of synchronization, which can introduce some further overhead.
I took a look at Wireshark source code, and the read timeout parameter in pcap_open is set to 250 there (not 1000 like savedump example). According to my problem, which choice is the best?
I think that wireshark sets it to 250 ms to have a faster refresh on the screen. Putting a timeout of 250 vs 1000ms doesn't affect performance a lot in case of high traffic. 

Have a nice day
GV



María de Fátima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es



-----Mensaje original-----
De: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] En nombre de Gianluca Varenni 
Enviado el: martes, 06 de mayo de 2008 17:58
Para: Developer support list for Wireshark
CC: winpcap-users@xxxxxxxxxxx
Asunto: Re: [Wireshark-dev] ring buffer

As you can see from the savedump source code, the code to dump packets is
minimal. And the sample uses the standard parameters to the pcap functions. 
I think your application drops packets because it's somewhat slow at
processing packets (if you are doing any processing). What are you doing
after you receive a packet?

Have a nice day
GV
PS: I CCed the winpcap-users mailing list, as your question is more related 
to that mailing list rather than wireshark-dev
----- Original Message ----- From: "Maria de Fatima Requena" <MariaF.Requena@xxxxxx> 
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Sent: Monday, May 05, 2008 11:38 PM
Subject: Re: [Wireshark-dev] ring buffer


Oh, thanks.

I have done two tests, and I think savedump doesnt miss any packets. What
can be the problem then? Maybe parameters in pcap functions or buffering?


María de Fátima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es



-----Mensaje original-----
De: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] En nombre de Gianluca Varenni
Enviado el: lunes, 05 de mayo de 2008 18:17
Para: Developer support list for Wireshark
Asunto: Re: [Wireshark-dev] ring buffer

What do you mean by "quite unreadable"?

savedump creates a pcap-compatible file that can be opened with wireshark
(it's not a text file, it's pcap file i.e. binary).

Have a nice day
GV
----- Original Message ----- From: "Maria de Fatima Requena" <MariaF.Requena@xxxxxx> 
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Sent: Sunday, May 04, 2008 11:34 PM
Subject: Re: [Wireshark-dev] ring buffer
I have tried it and the content of the capture file (which I have given the 
name of 'dump.txt') is quite unreadable.


María de Fátima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es


-----Mensaje original-----
De: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] En nombre de Gianluca Varenni
Enviado el: viernes, 02 de mayo de 2008 22:33
Para: Developer support list for Wireshark
Asunto: Re: [Wireshark-dev] ring buffer

Out of curiosity, does the sample in the WinPcap developer's pack named
wpdpack\Examples-pcap\savedump lose packets as well?

Have a nice day
GV
----- Original Message ----- From: "Maria de Fatima Requena" <MariaF.Requena@xxxxxx> 
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Sent: Friday, May 02, 2008 4:39 AM
Subject: [Wireshark-dev] ring buffer


Hi
I am implementing a packet sniffer with VS. I posted some time ago problems 
with losing packets, and someone here suggested me that it could be a
problem between disk access and NIC speed.

I have done some research, and it seems this doesn't happen to Wireshark
because of the use of a ring buffer. Can someone tell me which files (apart from ringbuffer.c) are involved in Wireshark avoiding packet loss? Can I use 
any configuration of Winpcap function parameters for losing less packets?

Thanks in advance


María de Fátima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es


_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

_______________________________________________
Winpcap-users mailing list
Winpcap-users@xxxxxxxxxxx
https://www.winpcap.org/mailman/listinfo/winpcap-users