Wireshark · Wireshark-dev: [Wireshark-dev] dropped packets stats for dumpcap/tshark ring buffer mode

Wireshark-dev: [Wireshark-dev] dropped packets stats for dumpcap/tshark ring buffer mode

From: Filonenko Alexander-AAF013 <Alex.Filonenko@xxxxxxxxxxxx>

Date: Wed, 8 Oct 2008 18:26:10 -0400

Using tshark ring buffer mode on a server capturing data 24/7 from 36 Ethernet ports. Users are taking ring buffers as needed via remote access and some scripts which simplify access/merge/processing.

Traffic is bursty and I need to know if any packets were dropped while particular ring buffer file was captured. Obviously could get summary of how many packets were dropped when tshark is stopped, but it is running 24/7 and should not stop.

Ideally would like a separate file stored for each ring buffer by tshark with number of packets dropped. Using Perl with Net::Pcap might be able to help determine if packets were dropped in real-time (not sure if this is going to work with tshark).

Any other approaches?

Thank you,

Alex Filonenko

Follow-Ups:
- Re: [Wireshark-dev] dropped packets stats for dumpcap/tshark ring buffer mode
  - From: Jaap Keuter

Prev by Date: [Wireshark-dev] dropped packets stats for dumpcap/tshark ring buffer mode
Next by Date: Re: [Wireshark-dev] [Wireshark-commits] rev 26377: /trunk/epan/dissectors//trunk/epan/dissectors/: ncp2222.py
Previous by thread: [Wireshark-dev] dropped packets stats for dumpcap/tshark ring buffer mode
Next by thread: Re: [Wireshark-dev] dropped packets stats for dumpcap/tshark ring buffer mode
Index(es):
- Date
- Thread