[dnscap-users] dnscap 1.2.0 dropping packets vs version 20160205?
jerry at dns-oarc.net
Mon Dec 12 06:17:57 UTC 2016
Sorry for the late reply but I have been away.
There has been A LOT of changes to the internals of dnscap due to
reported packet lost and what I found while trying to solve it is that
some combinations of libpcap and linux kernel version tend to drop more
then others. What kernel are you running?
As Duane results below, all the testing I've done have only shown
improvement in the packet capturing.
With 1.2.0 and pcap-thread  the capturing is done in threads, can you
rerun your tests with -S to see if it is dropping packets because of CPU?
I also see that you are using -t 300 and I've recently noticed an issue
with the -t flag that I've yet had time too look closer on, this may be
responsible for your numbers. If you can please also capture with
tcpdump first and the run the various versions on the pcap file.
On 11/30/16 22:34, Paul Vlaar wrote:
> Odd! (on my results, that is) I'll have to do some more investigation
> then on this end. I'll try on a FreeBSD system as well. I'm starting to
> think it may be some interaction between other components on the Ubuntu
> system now.
> Thanks for looking into this so far Duane, very much appreciated.
> On 30/11/16 23:29, Wessels, Duane wrote:
>> I did another little test here with our live traffic. I ran dnscap-20160205 and dnscap-1.2.0 in two separate windows with these parameters (e.g. 10 time span):
>> $ sudo ./dnscap -f -m q -s i -i ens1f1 -t 10 -T -w /disk2/tmp/dnscap-old
>> $ sudo ./dnscap -f -m q -s i -i ens1f1 -t 10 -T -w /disk2/tmp/dnscap-new
>> Then I counted the number of packets captured in each 10-second file, shown in the table below. In most cases the newer v1.2.0 wins by a little:
>> start time v20160205 v1.2.0
>> --------------- --------- --------
>> 20161130.221220 841709 938803
>> 20161130.221230 913349 948758
>> 20161130.221240 813905 839441
>> 20161130.221250 766642 812000
>> 20161130.221300 671017 729540
>> 20161130.221310 748825 760573
>> 20161130.221320 759913 766256
>> 20161130.221330 777853 771760
More information about the dnscap-users