Hi Everyone,
I am performing a continuous capture of a large IP stream using dumpcap.
I have been told by my users that they are experiencing packet drop.
I am running CentOS 6.3 with:
- wireshark-1.2.15-2.el6_2.1.x86_64
- wireshark-gnome-1.2.15-2.el6_2.1.x86_64
- libpcap-1.0.0-6.20091201git117cb5.el6.x86_64
I found this solution on a Dumpcap man page:
- -B <capture buffer size>
-
Set capture buffer size (in MB, default is 1MB). This is used by the
the capture driver to buffer packet data until that data can be written
to disk. If you encounter packet drops while capturing, try to increase
this size. Note that, while Dumpcap attempts to set the buffer size
to 1MB by default, and can be told to set it to a larger value, the
system or interface on which you're capturing might silently limit the
capture buffer size to a lower value or raise it to a higher value.
This is available on UNIX systems with libpcap 1.0.0 or later and on
Windows. It is not available on UNIX systems with earlier versions of
libpcap.
This option can occur multiple times. If used before the first
occurrence of the -i option, it sets the default capture buffer size.
If used after an -i option, it sets the capture buffer size for
the interface specified by the last -i option occurring before
this option. If the capture buffer size is not set specifically,
the default capture buffer size is used if provided.
but alas this options in not available on my build even though I am running libpcap 1.0.0-6.
Any suggestions as to how to utilize the capture buffer size option on my machine will be greatly appreciated!
Thanx in advance.
-John
