On Tuesday 11 March 2008 07:10:06 Martin Peylo wrote:
> Hi Peter,
>
> while I didn't manage so far to find the exact cause of Wireshark
> missing packets, I reproduced the very same problem.
>
> I was tracing on a P4 2GHz with 512MB RAM, acting as an ethernet
> bridge in my small test environment. I had "Update list of packets in
> real time" activated, which usually makes the GUI unable to react to
> clicking the stop button in a passable timespan if there is more than
> low traffic.
>
> As the result of overburdening the machine, I found a gap of about
> 0.3s in the captured TCP (sic!) traffic which happened definitely only
> in the traces, not in the transmission itself.
>
> I'm going to look deeper into this topic as soon as I can spare some
> time. It'll for sure be hard to avoid overload caused losses in
> capturing, but it might be possible to detect them.

Wireshark is not always the best at capturing; it is better to capture
straight to disk with a tool like tcpdump, then analyze the traffic
offline by loading the pcap file into Wireshark.

Also a little prep-work helps: remove any iptables/connection tracking
modules from your system so it doesn't inadvertently start tracking
connections and possibly overflowing the tables.

I also run a script like this on bootup to deal with lots of hosts in
bridging mode and to increase the socket buffer sizes for raw sockets
(I do not believe they auto-tune like TCP sockets). It also is useful
to remove any addresses from passive capture interfaces.

#!/bin/sh
# Passive capture interfaces to prepare
interfaces="test0 test1 test2 test3 mirror0"

# Bring the interfaces up
for i in $interfaces; do ifconfig "$i" up; done

# Remove any addresses and set the MTU to 9214
for i in $interfaces; do
    ip addr flush dev "$i"
    ip link set dev "$i" mtu 9214
done

# Raise the default and maximum socket buffer sizes to 16 MiB
for i in wmem_default wmem_max rmem_default rmem_max; do
    echo 16777216 > /proc/sys/net/core/$i
done

# Raise the neighbour table garbage-collection thresholds
echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3

Using a command like 'tcpdump -i mirror0 -s0 -w traffic.pcap', you can
easily capture tens of thousands of packets/second with no drops.
tcpdump will even tell you how many packets you dropped when you hit
Ctrl-C.
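
The drop count tcpdump prints on exit can be checked automatically. The following is an added example, not part of the original message: it parses that summary (tcpdump writes it to stderr, so it can be saved with `2>stats.txt`). The function names and the sample text are constructed for illustration.

```sh
#!/bin/sh
# Added example: check the statistics tcpdump writes to stderr on exit.

# Constructed sample of that summary (not output from the thread's capture).
SAMPLE_STATS='tcpdump: listening on mirror0, link-type EN10MB (Ethernet), capture size 65535 bytes
48211 packets captured
48990 packets received by filter
779 packets dropped by kernel'

# Read a tcpdump summary on stdin and print "captured received dropped".
# "dropped" sums the kernel counter and, where tcpdump prints one, the
# interface counter. Exits with status 2 if no summary line was found.
tcpdump_stats() {
    awk '
        /packets captured$/                      { cap = $1; seen = 1 }
        /packets received by filter$/            { rcv = $1; seen = 1 }
        /packets dropped by (kernel|interface)$/ { drop += $1; seen = 1 }
        END {
            if (!seen) exit 2
            printf "%d %d %d\n", cap, rcv, drop
        }
    '
}

# Return 0 if the summary on stdin reports no drops, 1 if it reports
# drops, 2 if it holds no summary (e.g. tcpdump was killed outright).
capture_is_clean() {
    stats=$(tcpdump_stats) || return 2
    set -- $stats
    [ "$3" -eq 0 ]
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_STATS" | tcpdump_stats    # prints: 48211 48990 779
if printf '%s\n' "$SAMPLE_STATS" | capture_is_clean; then
    echo "capture complete: no drops reported"
else
    echo "capture incomplete: treat gaps in the trace as capture loss"
fi
```

A non-zero drop count means gaps in the trace may come from the capture host rather than from the network.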
