What kind of tools can capture IP packets (such as UDP) fast enough on Linux Platform - Networking

  1. What kind of tools can capture IP packets (such as UDP) fast enough on Linux Platform

    What kind of tools can capture ethernet packets (such as UDP) fast
    enough on the Linux platform? Ethereal cannot fulfill my
    requirements.

    I'm using packETH 1.4 to send packets.


    I found that Ethereal cannot monitor all of the packets if I send
    100000 (or more) packets (100 bytes per packet) consecutively with a
    delay between packets of 8 us (= 0.008 ms = 0.000008 s), i.e. at
    least some percent of the packets cannot be captured in Ethereal.


    96172/100000 = 96.172%, >3% lost
    957952/100000 = 95.7952%, >4% lost


    Pls help me out, thx.


  2. Re: What kind of tools can capture IP packets (such as UDP) fast enough on Linux Platform

    song_winter@hotmail.com wrote:
    > What kind of tools can capture ethernet packets (such as UDP) fast
    > enough on the Linux platform? Ethereal cannot fulfill my
    > requirements.
    >
    > I'm using packETH 1.4 to send packets.
    >
    >
    > I found that Ethereal cannot monitor all of the packets if I send
    > 100000 (or more) packets (100 bytes per packet) consecutively with a
    > delay between packets of 8 us (= 0.008 ms = 0.000008 s), i.e. at
    > least some percent of the packets cannot be captured in Ethereal.


    tcpdump would probably be the fastest.
    If you're spewing packets that fast, are you sure all the packets
    actually made it to the wire? Maybe the problem's in transmission.
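
Added example (not part of the reply above or of the original thread): one way to tell whether the missing packets were lost before the receiving host or in the capture path is to diff the receive counters in `/proc/net/dev` taken before and after the test run. The interface name `eth0`, the counter values and the function names are constructed for illustration; the sent and captured totals are the first poster's.

```python
# Added example: attribute packet loss using two /proc/net/dev snapshots.
# Assumes a quiet link, so the counter deltas reflect only the test traffic.
RX_FIELDS = ("bytes", "packets", "errs", "drop", "fifo", "frame",
             "compressed", "multicast")
HEADER = (
    "Inter-|   Receive                                                |  Transmit\n"
    " face |bytes    packets errs drop fifo frame compressed multicast|"
    "bytes    packets errs drop fifo colls carrier compressed\n"
)
# Constructed snapshots (not real measurements) for a hypothetical eth0.
BEFORE = HEADER + "  eth0:  500000   5000 0 0   0 0 0 0  300000 3000 0 0 0 0 0 0\n"
AFTER = HEADER + "  eth0:10300000 103000 0 0 150 0 0 0  300000 3000 0 0 0 0 0 0\n"


def parse_rx(proc_net_dev, iface):
    """Return the receive-side counters of one interface as a dict."""
    for line in proc_net_dev.splitlines():
        name, sep, rest = line.partition(":")
        if sep and name.strip() == iface:
            values = rest.split()[:len(RX_FIELDS)]
            return dict(zip(RX_FIELDS, map(int, values)))
    raise KeyError("interface %r not found" % iface)


def locate_loss(before, after, iface, sent, captured):
    """Split the shortfall (sent - captured) by where the packets vanished."""
    b, a = parse_rx(before, iface), parse_rx(after, iface)
    delta = {k: a[k] - b[k] for k in RX_FIELDS}
    arrived = delta["packets"]
    return {
        "arrived": arrived,
        # Never counted by the receiving interface: sender, wire or NIC.
        "not_counted_by_iface": max(sent - arrived, 0),
        # Drops the interface itself reported (ring overrun, no buffer).
        # Whether these are also included in `packets` is driver-dependent.
        "iface_drops": delta["errs"] + delta["drop"] + delta["fifo"],
        # Counted by the interface but absent from the capture file.
        "lost_in_capture_path": max(min(arrived, sent) - captured, 0),
    }


if __name__ == "__main__":
    # 100000 sent and 96172 captured are the figures from the first post.
    for key, value in locate_loss(BEFORE, AFTER, "eth0", 100000, 96172).items():
        print(f"{key}: {value}")
```

On a real host, pass the contents of `/proc/net/dev` read immediately before and after the test run in place of the constructed snapshots.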

  3. Re: What kind of tools can capture IP packets (such as UDP) fast enough on Linux Platform

    song_winter@hotmail.com writes:

    > What kind of tools can capture ethernet packets (such as UDP) fast
    > enough on the Linux platform? Ethereal cannot fulfill my
    > requirements.
    >
    > I'm using packETH 1.4 to send packets.
    >
    >
    > I found that Ethereal cannot monitor all of the packets if I send
    > 100000 (or more) packets (100 bytes per packet) consecutively with a
    > delay between packets of 8 us (= 0.008 ms = 0.000008 s), i.e. at
    > least some percent of the packets cannot be captured in Ethereal.
    >
    >
    > 96172/100000 = 96.172%, >3% lost
    > 957952/100000 = 95.7952%, >4% lost
    >
    >
    > Pls help me out, thx.


    Have you tried the newer version of ethereal, which is now called
    "wireshark"?
    --
    % Randy Yates % "So now it's getting late,
    %% Fuquay-Varina, NC % and those who hesitate
    %%% 919-577-9882 % got no one..."
    %%%% % 'Waterfall', *Face The Music*, ELO
    http://home.earthlink.net/~yatescr

  4. Re: What kind of tools can capture IP packets (such as UDP) fast enough on Linux Platform

    On Jul 29, 1:09 am, Randy Yates wrote:
    > song_win...@hotmail.com writes:
    > > What kind of tools can capture ethernet packets (such as UDP) fast
    > > enough on the Linux platform? Ethereal cannot fulfill my
    > > requirements.

    >
    > > I'm using packETH 1.4 to send packets.

    >
    > > I found that Ethereal cannot monitor all of the packets if I send
    > > 100000 (or more) packets (100 bytes per packet) consecutively with a
    > > delay between packets of 8 us (= 0.008 ms = 0.000008 s), i.e. at
    > > least some percent of the packets cannot be captured in Ethereal.

    >
    > > 96172/100000 = 96.172%, >3% lost
    > > 957952/100000 = 95.7952%, >4% lost

    >
    > > Pls help me out, thx.

    >
    > Have you tried the newer version of ethereal, which is now called
    > "wireshark"?
    > --
    > % Randy Yates % "So now it's getting late,
    > %% Fuquay-Varina, NC % and those who hesitate
    > %%% 919-577-9882 % got no one..."
    > %%%% % 'Waterfall', *Face The Music*, ELO
    > http://home.earthlink.net/~yatescr


    Hi, sire,

    After checking the FAQ on the Ethereal web page, I found an FAQ entry
    that may concern my question.
    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%
    Q 9.3: I'm capturing packets on Linux; why do the time stamps have
    only 100ms resolution, rather than 1us resolution?

    A: Ethereal gets time stamps from libpcap/WinPcap, and libpcap/WinPcap
    get them from the OS kernel, so Ethereal - and any other program using
    libpcap, such as tcpdump - is at the mercy of the time stamping code
    in the OS for time stamps.

    At least on x86-based machines, Linux can get high-resolution time
    stamps on newer processors with the Time Stamp Counter (TSC) register;
    for example, Intel x86 processors, starting with the Pentium Pro, and
    including all x86 processors since then, have had a TSC, and other
    vendors probably added the TSC at some point to their families of x86
    processors.

    The Linux kernel must be configured with the CONFIG_X86_TSC option
    enabled in order to use the TSC. Make sure this option is enabled in
    your kernel.

    In addition, some Linux distributions may have bugs in their versions
    of the kernel that cause packets not to be given high-resolution time
    stamps even if the TSC is enabled. See, for example, bug 61111 for Red
    Hat Linux 7.2. If your distribution has a bug such as this, you may
    have to run a standard kernel from kernel.org in order to get
    high-resolution time stamps.
    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%

    But how do I reset the timestamp on a SUSE 10 system?

    Thanks for your help.

