On Jan 21, 2009, at 4:47 PM, Johne Cookcely wrote:
Hi! OmniPeek was on Windows xpsp2, Wireshark is on Linux ubuntu8.04.
"Same location, same channel, same card" doesn't necessarily imply
"same experience", as there's a bunch of software in the way.
In particular, the capture code path for Wireshark-on-Linux might drop
more packets than the capture code path for OmniPeek-on-Windows.
When you stop the capture, the status bar (if it's displayed) should
show
Packets: {N} Displayed: {N} Marked: 0 Dropped: {M}
for some values of N and M. If M isn't zero, some packets were
dropped because the capture code path wasn't fast enough to capture
them and save them to disk; 293149 beacons/hour is about 81 beacons/
second, so I could imagine packets getting dropped. How many are
getting dropped?
(Ubuntu 8.04 should have a recent enough libpcap that it will report
how many packets were dropped by the Linux capture mechanism because
they weren't getting processed fast enough, so Wireshark should be
able to report a count of dropped packets.)