tcpdump mailing list archives

Re: eliminating dropping of packets by the kernel during packet capture


From: "Code Master" <cpp.codemaster () gmail com>
Date: Sat, 2 Jun 2007 19:18:53 +1200

Hi!

The good news is that now I have eliminated the problem without fiddling
with other things.  The only thing I did was to remove the argument -s0 from
tcpdump, so that now it only captures the header rather than the whole
packet and it can therefore respond faster.

Thanks for your help!

On 5/28/07, Nguyen Huy Ha <ha.h.ngu () gmail com> wrote:

If the problem is limited buffer, I suggest you check this article:
http://www.net.t-labs.tu-berlin.de/research/hppc/

It is said that you can change the kernel configuration to get 600Mbps
without losses. I haven't tried it since changing the buffer works for me, I
only need to capture 50Mbps.

Br.

On 5/26/07, Code Master <cpp.codemaster () gmail com> wrote:
>
> On a sniffer computer (P4 1.6GHz with 368MB ram running ubuntu without X
> server) which is equipped with a gigabit card and connected to the gigabit
> port set to mirror other ports on a cluster switch (all other ports on the
> switch are ordinary 10/100M), I am trying to capture tcp packets:
>
> sudo nice -20 tcpdump -v -s0 -i eth1 -w /tmp/stuff.pcap tcp
>
> where eth1 is the gigabit port and /tmp is mounted on tmpfs (ramdisk) to
> avoid delays.  I only run this command on console and I have turned off X
> server and any other unnecessary services to decrease delay (I checked
> with ps aux).
>
> However when there are a lot of packets, tcpdump reports some packets
> dropped (e.g. 200-300 packets per 60000 packets) "by the kernel".
>
> Then I ran
>
> ifconfig eth1
>
> and it says no packets were dropped (does it mean that no packets were
> dropped within the network card?)
>
> Now can you see where the packet is dropped in the kernel (is it because
> the buffer is not big enough?) and how can I eliminate packet drops?
>
> Thanks!
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.
>
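An added example, not part of the original thread: one way to answer the "where is the packet dropped" question above is to compare tcpdump's exit summary with the interface's receive counters taken before and after the capture. The sample summary, the `/proc/net/dev` snapshots and the function names are constructed for illustration.

```python
import re

# Constructed sample: the summary tcpdump prints on exit.
TCPDUMP_SUMMARY = """60000 packets captured
60250 packets received by filter
250 packets dropped by kernel
"""
# Constructed /proc/net/dev snapshots for eth1, before and after the capture.
HEADER = ("Inter-|   Receive                            |  Transmit\n"
          " face |bytes packets errs drop fifo frame compressed multicast|"
          "bytes packets errs drop fifo colls carrier compressed\n")
BEFORE = HEADER + "  eth1: 1000000 9000 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n"
AFTER = HEADER + "  eth1: 61000000 69250 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n"

def parse_tcpdump_summary(text):
    """Return captured / received-by-filter / dropped-by-kernel counts."""
    keys = {"captured": "captured", "received by filter": "received",
            "dropped by kernel": "dropped"}
    out = {}
    for count, label in re.findall(r"^(\d+) packets (.+?)\s*$", text, re.M):
        if label in keys:
            out[keys[label]] = int(count)
    return out

def rx_counters(proc_net_dev, iface):
    """Return the receive-side packets/errs/drop/fifo counters for iface."""
    for line in proc_net_dev.splitlines():
        name, sep, rest = line.partition(":")
        if sep and name.strip() == iface:
            f = [int(x) for x in rest.split()]
            return {"packets": f[1], "errs": f[2], "drop": f[3], "fifo": f[4]}
    raise ValueError(f"interface {iface!r} not found")

def locate_drops(summary_text, before, after, iface):
    """Say whether loss happened at the NIC/driver or in the capture buffer."""
    s = parse_tcpdump_summary(summary_text)
    b, a = rx_counters(before, iface), rx_counters(after, iface)
    nic_lost = sum(a[k] - b[k] for k in ("errs", "drop", "fifo"))
    where = {(False, False): "none", (True, False): "nic",
             (False, True): "capture-buffer", (True, True): "both"}
    pct = 100.0 * s["dropped"] / s["received"] if s["received"] else 0.0
    return {"nic_lost": nic_lost, "capture_dropped": s["dropped"],
            "capture_drop_pct": round(pct, 2),
            "where": where[(nic_lost > 0, s["dropped"] > 0)]}

if __name__ == "__main__":
    print(locate_drops(TCPDUMP_SUMMARY, BEFORE, AFTER, "eth1"))
```

A result of `capture-buffer` with unchanged interface counters matches the situation described in the thread: the NIC delivered every frame, and the loss occurred in the kernel's capture buffer before tcpdump read it.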

