> Message: 4
> Date: Thu, 21 Mar 2002 12:32:40 -0800
> From: Guy Harris <guy@xxxxxxxxxx>
> To: "Eichert, Diana" <deicher@xxxxxxxxxx>
> Cc: "'ethereal-users@xxxxxxxxxxxx'" <ethereal-users@xxxxxxxxxxxx>
> Subject: Re: [Ethereal-users] dropped packets sniffing gig ethernet
>
> On Thu, Mar 21, 2002 at 01:13:49PM -0700, Eichert, Diana wrote:
> > I've noticed is that if I capture with tethereal and drop the capture
> > counter into /dev/null that I can capture at a higher rate with fewer
> > dropped packets.
>
> Then a "-q" flag to Tethereal might be useful, as you may be able to
> capture even faster if the capture counter isn't written at all.
>
> It certainly shouldn't be the *only* behavior you get, though. One
> thing annoying about tcpdump, which behaves like
>
> > I wrote a local hack
> > which only wrote the number of packets captured at the end of capturing,
> > not sure which system I did that on at the moment. It was a fairly
> > trivial hack.
>
> is that you don't know, until you terminate the capture, whether you're
> seeing any traffic. (Yes, you can use control-T on BSD systems with
> recent versions of tcpdump, but not all systems support SIGINFO, so that
> doesn't solve the problem.)

This was OK; the purpose in doing that was just an attempt to diminish the
number of dropped packets. For what I was doing I didn't need a constant
update of the number of packets captured, but I did need to know the total
captured without having to open the savefile again.

Actually, the ability to control the update rate on the counter might be
useful, perhaps limiting the update to whenever data is written out to
the savefile. Looking at the ktrace of tethereal, I see a counter update
to stdout for every packet captured.

However, for most people a "-q" flag would probably help.

diana