I am using tethereal to capture SIP and RTP traffic to a
Session Border Controller. I have
two Fedora Core 2 machines I use to perform captures. Both
are dual Xeon 2.6 Mhz, with
2 Ethernet interfaces (Gigabit) and are connected to a 3750 Cisco
Switch.
When running at approximately 40 MB and capturing 500,000
packets I see where there is
a large amount of packets dropped from either machine:
[root@wigeon mjacobs]# tethereal -i eth1 -q -c 500000 -w
junk.eth
Capturing on eth1
184279 packets dropped
500000 packets captured
The CPU is running approximately 20% and I do not show
memory swapping or high i/o wait.
Below is the version of tethereal I have installed (from
source):
tethereal -v
tethereal 0.10.6
Compiled with GLib 2.4.0, with libpcap 0.8.3, with libz
1.2.1.1,
with libpcre 5.0, without UCD-SNMP or Net-SNMP, without
ADNS.
Running with libpcap version 0.8.3 on Linux 2.6.8-1.521smp.
Should I expect better performance than this? If so, could
someone point me in a direction
to go to tweak my machines. Searched boards I found some
notes a couple of years
ago talking about changes to the linux kernel and some
patches, but nothing specific. I have
never dealt with any of that before, but since I work in a
test lab, trying out these types
of things is not a problem and how I learn.
Thanks,
Mike