Wireshark · Wireshark-dev: Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing with dropped packets

Wireshark-dev: Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing wit

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>

Date: Tue, 1 Jan 2019 16:33:56 -0800

On Mon, Dec 31, 2018 at 5:09 PM Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Dec 31, 2018, at 5:05 PM, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:
>
> > However, I think maybe I have discovered how to prevent that. Increase
> > the buffer size given to dumpcap (2GB or more.)
>
> What happens if you use tcpdump rather than dumpcap?  At least at one point (I think when the changes to libpcap to support memory-mapped packet capture on Linux were being done, the person who made them did some tests with and without memory-mapped capture with both tcpdump and dumpcap) tcpdump lost significantly fewer packets than dumpcap (probably due to the simpler capture code path).

I was capturing on Windows so, AFAIAA, tcpdump was not an option.

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)(传说杜康是酒的发明者)

References:
- Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing with dropped packets
  - From: Richard Sharpe
- Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing with dropped packets
  - From: Guy Harris

Prev by Date: Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing with dropped packets
Next by Date: [Wireshark-dev] Why does the IEEE802.11 treat the Frame Control field as a separate top-level entity
Previous by thread: Re: [Wireshark-dev] Something that would be useful in Wireshark when dealing with dropped packets
Next by thread: [Wireshark-dev] Why does the IEEE802.11 treat the Frame Control field as a separate top-level entity
Index(es):
- Date
- Thread