hi guys,
i'm having quite a problem with tcpdump 4.0.0
i'm trying to dump gigabit network traffic to file with tcpdump. at first, i
was on Debian 5. i had tcpdump 3.9.8 (uses libpcap 0.9.8) installed and with
upgrading network-related parameters of kernel, i had no packet drop and
everything was fine. but then i installed tcpdump 4.0.0 (which uses libpcap
1.0) and this caused a huge packet drop in my receive. (in 700Mb tcp traffic, 1
out of 3 packets were being dropped)
i installed and checked dumpcap (comes with wireshark) and realized wireshark
1.2.6 which is built with libpcap 0.9.8 doesn't have packet drop, but wireshark
1.2.7 which is built with libpcap 1.0 has the same problem and packets are
hugely being dropped. (i'm not sure about wireshark versions)
so does libpcap 1.0 really have this bad bug or i'm doing something wrong?
also, i tested tcpdump 3.9.7(with libpcap 0.9.7) and tcpdump 4.0.0 (with
libpcap 1.0) on FreeBSD 8.0 (700Mb tcp traffic) and result was almost the same.
(packet drop with tcpdump 4.0 was 6 times more than tcpdump 3.9.7, though here
i couldnt make tcpdump 3.9.7 to dump with zero packet loss)
any ideas?
thank you.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
