I don't know much about details of pf_ring, but if you have lipcap packet loss on a 3G network something is not right. IMO I'd fix that vs using pf_ring.
----- Original Message ----- From: [email protected] <[email protected]> To: [email protected] <[email protected]> Sent: Wed Sep 02 22:17:35 2009 Subject: Re: [Ntop] PF_RING for non-eth devices Hello, On Tue, Sep 1, 2009 at 5:41 PM, Mitch Davis<[email protected]> wrote: > > We have been experiencing packet loss when capturing packets from a 3G > wireless modem using Fedora 10's tcpdump. In order to avoid dropped > packets, I have been trying the PF_RING patch. > > [r...@t999999920 ~]# ./tcpdump -i eth0 -n -w /dev/null > tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes > ^C216 packets captured > 218 packets received by filter > 0 packets dropped by kernel > [r...@t999999920 ~]# ./tcpdump -i usb0 -n -w /dev/null > tcpdump: listening on usb0, link-type USB_LINUX (USB with Linux > header), capture size 96 bytes Further to this, the captured file appears to be captured USB traffic (encapsulating ethernet I guess), not ethernet traffic! I have tried passing -y EN10B to the PF_RING tcpdump, but I get: [r...@t999999920 ~]# ./tcpdump -y EN10B -i usb0 -n -w test100MB-load-nosave-PF_ring.pcap tcpdump: invalid data link type EN10B [r...@t999999920 ~]# (Passing -y USB_LINUX works, but I still get captured USB) Can anyone give me some pointers on how I can capture ethernet traffic using the PF_RING version of tcpdump, from a device with interface usb0 please? Thank you, Mitch. _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
