Wireshark-users: [Wireshark-users] CentOS 6.3 and DUMPCAP -B option

From: John Powell <jrp999@xxxxxxxxx>
Date: Wed, 8 Aug 2012 07:52:58 -0600
Hi Everyone,

I am performing a continuous capture of a large IP stream using dumpcap.

I have been told by my users that they are experiencing packet drop.

I am running CentOS 6.3 with:

  • wireshark-1.2.15-2.el6_2.1.x86_64
  • wireshark-gnome-1.2.15-2.el6_2.1.x86_64
  • libpcap-1.0.0-6.20091201git117cb5.el6.x86_64

I found this solution on a Dumpcap man page:

-B <capture buffer size>

Set capture buffer size (in MB, default is 1MB). This is used by the the capture driver to buffer packet data until that data can be written to disk. If you encounter packet drops while capturing, try to increase this size. Note that, while Dumpcap attempts to set the buffer size to 1MB by default, and can be told to set it to a larger value, the system or interface on which you're capturing might silently limit the capture buffer size to a lower value or raise it to a higher value.

This is available on UNIX systems with libpcap 1.0.0 or later and on Windows. It is not available on UNIX systems with earlier versions of libpcap.

This option can occur multiple times. If used before the first occurrence of the -i option, it sets the default capture buffer size. If used after an -i option, it sets the capture buffer size for the interface specified by the last -i option occurring before this option. If the capture buffer size is not set specifically, the default capture buffer size is used if provided.

but alas this options in not available on my build even though I am running libpcap 1.0.0-6.

Any suggestions as to how to utilize the capture buffer size option on my machine will be greatly appreciated!

Thanx in advance.

-John