realtime dumpcap capability

[marty leisner <maleisner () gmail com>]

Running on linux, I'm using two sharktap's across the lan/wan ports of a
router.

I'm running dumpcap into pipes, and reading the pipes.

I want the packets being emitted to be close time between the
ingress/egress packets -- what I'm seeing is a difference of up to
hundreds of milliseconds which is too long for my use.  (on a busy lan, it
would be hundred of packets difference).

I've played with PIPE_READ_TIMEOUT and WRITER_THREAD_TIMEOUT and haven't
gotten much improvement (some, not much)

Are there good tutorials for pulling packets out of the linux kernel (with
or without libpcap) -- or is it UTSL?

marty

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe