> -----Original Message-----
> From: David Erickson [mailto:derickson@xxxxxxx]
> Sent: March 21, 2002 1:04 PM
> To: ethereal-users@xxxxxxxxxxxx
> Subject: [Ethereal-users] dropped packets sniffing gig ethernet
>
>
> I'm trying to sniff gigabit ethernet traffic (through a Cisco
> 6500 switch using portspanning).
> I am using an Intel gig ether NIC on a Windows P3 866, 256MB,
> 512MB Swap with
> 33mhz/64bit PCI bus running Win2k server.
>
> The number of dropped packets is excessive (50%), which is
> probably because the
> workstation needs more horsepower. I would like to spec out
> a replacement system
> adequate for the task, so my question is, for anyone who is getting
> good results sniffing gigabit ethernet traffic, what is the
> minimum configuration
> you've found is required? Is Win2k up to the task, or should
> I consider a different
> OS (e.g. NetBSD)? Linux is probably not a viable alternative
> due to the lack of
> timestamp resolution.
>
> thanks--
>
> Dave
Dave
I had an issue with Ethereal having excessive dropped packets on a
well traveled GigE link. I also tried sniffing via tethereal. What
I've noticed is that if I capture with tethereal and drop the capture
counter into /dev/null that I can capture at a higher rate with fewer
dropped packets. On a GigE link ethereal/tethereal can spend a fair amount
of time updating the captured packets counter. I wrote a local hack
which only wrote the number of packets captured at the end of capturing,
not sure which system I did that on at the moment. It was a fairly
trivial hack.
Also, you want to make sure you are not using any of your swap. Having
to swap can slowdown even the fastest systems. Most of my capture
stations have at least 1GByte of RAM.
my U$.02