On Apr 25, 2012, at 11:08 AM, Michael Tuexen wrote:
> However, we have no chance to report the packets dumpcap dropped.
Where does dumpcap itself drop packets? Is this referring to the fact that, on
some platforms, the OS's capture mechanism reports received packets as "packets
received by the capture mechanism" rather than "packets received by the capture
mechanism *and read into userland*" (and even *that* could be less than "...
*and processed by the application*")?
$ man bpf
...
BIOCGSTATS (struct bpf_stat) Returns the following structure of
packet statistics:
struct bpf_stat {
u_int bs_recv; /* number of packets received */
u_int bs_drop; /* number of packets dropped */
};
The fields are:
bs_recv the number of packets received by the
descriptor since opened or reset (*including any buffered since the last read
call*); and
(emphasis mine)?
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
