[dnscap-users] dnscap 1.2.0 dropping packets vs version 20160205?
Paul Vlaar
paul at flairlab.nl
Wed Nov 30 22:34:43 UTC 2016
Odd! (on my results, that is) I'll have to do some more investigation
then on this end. I'll try on a FreeBSD system as well. I'm starting to
think it may be some interaction between other components on the Ubuntu
system now.
Thanks for looking into this so far Duane, very much appreciated.
~paul
On 30/11/16 23:29, Wessels, Duane wrote:
> Paul,
>
> I did another little test here with our live traffic. I ran dnscap-20160205 and dnscap-1.2.0 in two separate windows with these parameters (e.g. 10 time span):
>
> $ sudo ./dnscap -f -m q -s i -i ens1f1 -t 10 -T -w /disk2/tmp/dnscap-old
> $ sudo ./dnscap -f -m q -s i -i ens1f1 -t 10 -T -w /disk2/tmp/dnscap-new
>
> Then I counted the number of packets captured in each 10-second file, shown in the table below. In most cases the newer v1.2.0 wins by a little:
>
> start time v20160205 v1.2.0
> --------------- --------- --------
> 20161130.221220 841709 938803
> 20161130.221230 913349 948758
> 20161130.221240 813905 839441
> 20161130.221250 766642 812000
> 20161130.221300 671017 729540
> 20161130.221310 748825 760573
> 20161130.221320 759913 766256
> 20161130.221330 777853 771760
--
Paul Vlaar - FlairLab
Internet engineering, consultancy
Dutch Chamber of Commerce 63553104
More information about the dnscap-users
mailing list