Hi,
Thinking about this makes me wonder if this is sufficient. When 36 ethernet
ports can cause packet drops on the capture interface then probably the monitor
port will be dropping packets too. How are you going to account for that?
Thanks,
Jaap
Filonenko Alexander-AAF013 wrote:
Using tshark ring buffer mode on a server capturing data 24/7 from 36
Ethernet ports. Users are taking ring buffers as needed via remote
access and some scripts which simplify access/merge/processing.
Traffic is bursty and I need to know if any packets were
dropped while particular ring buffer file was captured. Obviously could
get summary of how many packets were dropped when tshark is stopped, but
it is running 24/7 and should not stop.
Ideally would like a separate file stored for each ring buffer by tshark
with number of packets dropped. Using Perl with Net::Pcap might be able
to help determine if packets were dropped in real-time (not sure if this
is going to work with tshark).
Any other approaches?
Thank you,
Alex Filonenko