Hello everyone.
I'm running Linux, Ubuntu 8.10 to be exact, and darn it, my copy of
wireshark is dropping packets! About a third of them!
I'm sure you get this a lot, but before you close the window this
message is sitting in, let me explain why I am writing to this mailing list.
The suggestions on the wiki don't help much:
1. Try tcpdump/pcap. I did, and tcpdump drops them too. This might have
to do with the pcap library underlying them both.
2. Get a faster hard drive. The packet drops also happen when I use
tmpfs, i.e. a hard drive with a throughput of 660 MB per second. I don't
think that's it.
3. Get a faster network card. It's a wireless card running in 802.11b
mode with very few retransmits. The application also receives everything
fine; if it didn't, TCP would cause retransmits (I'm looking at HTTP
traffic), so it's not the network layer's fault.
4. Get a faster machine. I don't think this is a problem, because I have
a 10-year-old 1 GHz Pentium III with a junky ethernet card which drops
nothing. The machine in question is a dual core 1.5 GHz Intel Pentium M
laptop. Both run Linux, by the way.
Number four, in particular, is the reason I am writing to this mailing
list. It is why I am convinced the problem is in software somewhere.
So my question really is more specific: what software settings
(particularly those relating to libpcap) can I tweak to help this
problem? For example, is there a way to change the size of pcap's magic
packet buffer? Or, is there some clever thing I can do with virtual
device interfaces (like a TAP device) to make the packets go through
wireshark to get to their destination or else?
Thanks in advance.
--
Dan Harrison
