I am using tshark in ring buffer mode on a server capturing data 24/7 from 36 Ethernet ports. Users are taking ring buffers as needed via remote access and some scripts which simplify access/merge/processing. Traffic is bursty and I need to know if any packets were dropped while a particular ring buffer file was captured. Obviously I could get a summary of how many packets were dropped when tshark is stopped, but it is running 24/7 and should not stop.

Ideally I would like a separate file stored for each ring buffer by tshark with the number of packets dropped. Using Perl with Net::Pcap might be able to help determine if packets were dropped in real time (not sure if this is going to work with tshark).

Any other approaches?

Thank you,
Alex Filonenko