Re: What kind of tools can capture ip packets(such as UDP)fast enough on Linux Platform
- From: song_winter@xxxxxxxxxxx
- Date: Sat, 28 Jul 2007 23:14:18 -0700
On Jul 29, 1:09 am, Randy Yates <ya...@xxxxxxxx> wrote:
song_win...@xxxxxxxxxxx writes:
What kind of tools can capture ethernet packets (such as UDP) fast
enough on the Linux platform? Ethereal cannot fulfill my
requirements.
I'm using packETH 1.4 to send packets.
I found that Ethereal cannot monitor all of the packets if I send
100000 (or more) packets (100 bytes per packet) consecutively with a
delay between packets of 8 us (= 0.008 ms = 0.000008 s), i.e. at
least
some percent of the packets cannot be captured in Ethereal.
96172/100000 = 96.172%, >3% lost
957952/100000 = 95.7952%, >4% lost
Pls help me out, thx.
Have you tried the newer version of ethereal, which is now called
"wireshark"?
--
% Randy Yates % "So now it's getting late,
%% Fuquay-Varina, NC % and those who hesitate
%%% 919-577-9882 % got no one..."
%%%% <ya...@xxxxxxxx> % 'Waterfall', *Face The Music*, ELOhttp://home.earthlink.net/~yatescr- Hide quoted text -
- Show quoted text -
Hi, sire,
After check out the FAQ in Ethereal web page, I found that a FAQ maybe
was concern about my question.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Q 9.3: I'm capturing packets on Linux; why do the time stamps have
only 100ms resolution, rather than 1us resolution?
A: Ethereal gets time stamps from libpcap/WinPcap, and libpcap/WinPcap
get them from the OS kernel, so Ethereal - and any other program using
libpcap, such as tcpdump - is at the mercy of the time stamping code
in the OS for time stamps.
At least on x86-based machines, Linux can get high-resolution time
stamps on newer processors with the Time Stamp Counter (TSC) register;
for example, Intel x86 processors, starting with the Pentium Pro, and
including all x86 processors since then, have had a TSC, and other
vendors probably added the TSC at some point to their families of x86
processors.
The Linux kernel must be configured with the CONFIG_X86_TSC option
enabled in order to use the TSC. Make sure this option is enabled in
your kernel.
In addition, some Linux distributions may have bugs in their versions
of the kernel that cause packets not to be given high-resolution time
stamps even if the TSC is enabled. See, for example, bug 61111 for Red
Hat Linux 7.2. If your distribution has a bug such as this, you may
have to run a standard kernel from kernel.org in order to get high-
resolution time stamps
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
But , how to reset the timestamp in Suse10 system???
Thanks for your help.
.
- References:
- Prev by Date: "broken pipe" errors using sftp under fc6
- Next by Date: X11 Terminal with Floppy/CD/USB-Stick
- Previous by thread: Re: What kind of tools can capture ip packets(such as UDP)fast enough on Linux Platform
- Next by thread: AT&T Global Network Client + Debian + Internet Connection
- Index(es):
Relevant Pages
|
