Wireshark mailing list archives
Re: Determining Cause for Packet Loss in Wireshark 1.8.1 running under CentOS 6.3
From: Michael Tuexen <Michael.Tuexen () lurchi franken de>
Date: Fri, 10 Aug 2012 15:37:00 +0200
On Aug 10, 2012, at 3:14 PM, John Powell wrote:
Hi Everyone, • I am running Wireshark 1.8.1 (compiled from source) under CentOS 6.3. • I am running Dumpcap as a service. Dumpcap command command line is: /usr/local/bin/dumpcap -B 32 -i 2 -f vlan and (not vrrp and not udp port 1985 and not ether host 01:00:0c:cc:cc:cc) -b files:1200 -b filesize:250000 -b duration:900 -w /var/opt/data/captures/eth1.cap My users have told me that when they select a packet capture then select Telephony - RTP - Show all Streams that it indicates packets are being lost. Src IP Src port Dest IP Dest port SSRC Payload Packets Lost Max Delta (ms) Max Jitter (ms) Mean Jitter (ms) Pb? z.z.z.z 25000 a.a.a.a 58436 0x4E5B15A3 ITU-T G.711 PCMU 828 58 (6.5%) 399.94 1.53 0.5 X t.t.t.t 11488 u.u.u.u 40300 0x46810727 ITU-T G.711 PCMU 829 57 (6.4%) 400.07 2.54 0.13 X v.v.v.v 2240 w.w.w.w 57836 0x375E2DB2 ITU-T G.711 PCMU 829 57 (6.4%) 399.99 0.18 0.1 X a.a.a.a 25012 b.b.b.b 52376 0x2FF25BB2 ITU-T G.711 PCMU 829 57 (6.4%) 400.05 0.2 0.09 X I have looked at the following for determining the cause for the packet loss with no avail: #dstat -dnyc -N eth1,eth2 -C total -f 5 --dsk/sda-----dsk/sdb-- --net/eth1----net/eth2- ---system-- ----total-cpu-usage---- read writ: read writ| recv send: recv send| int csw |usr sys idl wai hiq siq 43k 3586k:2090B 1549k| 0 0 : 0 0 |9212 17k| 0 1 97 2 0 0 30k 26k: 0 15M| 11M 0 :5054k 0 | 27k 47k| 6 2 88 4 0 0 0 0 : 0 17M| 11M 0 :5154k 0 | 27k 51k| 4 2 91 3 0 0 # ethtool -S eth1 NIC statistics: rx_packets: 8993763019 tx_packets: 48 rx_bytes: 1966538225542 tx_bytes: 8503 rx_broadcast: 1123416 tx_broadcast: 4 rx_multicast: 84815150 tx_multicast: 44 rx_errors: 0 tx_errors: 0 tx_dropped: 0 multicast: 84815150 collisions: 0 rx_length_errors: 0 rx_over_errors: 0 rx_crc_errors: 0 rx_frame_errors: 0 rx_no_buffer_count: 0 rx_missed_errors: 0 tx_aborted_errors: 0 tx_carrier_errors: 0 tx_fifo_errors: 0 tx_heartbeat_errors: 0 tx_window_errors: 0 tx_abort_late_coll: 0 tx_deferred_ok: 0 tx_single_coll_ok: 0 tx_multi_coll_ok: 0 tx_timeout_count: 0 tx_restart_queue: 0 rx_long_length_errors: 0 rx_short_length_errors: 0 rx_align_errors: 0 tx_tcp_seg_good: 0 tx_tcp_seg_failed: 0 rx_flow_control_xon: 0 rx_flow_control_xoff: 0 tx_flow_control_xon: 0 tx_flow_control_xoff: 0 rx_long_byte_count: 1966538225542 rx_csum_offload_good: 3144430076 rx_csum_offload_errors: 1488 rx_header_split: 0 alloc_rx_buff_failed: 0 tx_smbus: 0 rx_smbus: 0 dropped_smbus: 0 rx_dma_failed: 0 tx_dma_failed: 0 # ethtool -S eth2 NIC statistics: rx_packets: 3244021783 tx_packets: 50 rx_bytes: 697014132296 tx_bytes: 8727 rx_broadcast: 5279269 tx_broadcast: 4 rx_multicast: 18211478 tx_multicast: 46 rx_errors: 0 tx_errors: 0 tx_dropped: 0 multicast: 18211478 collisions: 0 rx_length_errors: 0 rx_over_errors: 0 rx_crc_errors: 0 rx_frame_errors: 0 rx_no_buffer_count: 0 rx_missed_errors: 0 tx_aborted_errors: 0 tx_carrier_errors: 0 tx_fifo_errors: 0 tx_heartbeat_errors: 0 tx_window_errors: 0 tx_abort_late_coll: 0 tx_deferred_ok: 0 tx_single_coll_ok: 0 tx_multi_coll_ok: 0 tx_timeout_count: 0 tx_restart_queue: 0 rx_long_length_errors: 0 rx_short_length_errors: 0 rx_align_errors: 0 tx_tcp_seg_good: 0 tx_tcp_seg_failed: 0 rx_flow_control_xon: 0 rx_flow_control_xoff: 0 tx_flow_control_xon: 0 tx_flow_control_xoff: 0 rx_long_byte_count: 697014132296 rx_csum_offload_good: 3110059283 rx_csum_offload_errors: 0 rx_header_split: 0 alloc_rx_buff_failed: 0 tx_smbus: 0 rx_smbus: 0 dropped_smbus: 0 rx_dma_failed: 0 tx_dma_failed: 0 I would be most greatful for any suggestions as to how to determine the cause of this packet loss and resolve it for my users.
When dumpcap is terminated, it writes how man packets were dropped. This number is also stored in the capture file. So if you load the capture file in wireshark and select Statistics/Summary, you should see how many packets were dropped. Unfortunately, capinfos doesn't report the number of dropped packets (yet). Best regards Michael
Thanks in advance for any and all assistance! -John ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Determining Cause for Packet Loss in Wireshark 1.8.1 running under CentOS 6.3 John Powell (Aug 10)
- Re: Determining Cause for Packet Loss in Wireshark 1.8.1 running under CentOS 6.3 Michael Tuexen (Aug 10)
- Re: Determining Cause for Packet Loss in Wireshark 1.8.1 running under CentOS 6.3 John Powell (Aug 13)
- Re: Determining Cause for Packet Loss in Wireshark 1.8.1 running under CentOS 6.3 Michael Tuexen (Aug 13)
- Re: Determining Cause for Packet Loss in Wireshark 1.8.1 running under CentOS 6.3 John Powell (Aug 13)
- Re: Determining Cause for Packet Loss in Wireshark 1.8.1 running under CentOS 6.3 Michael Tuexen (Aug 10)