This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

what is the meaning of “dropped"count of capture result

1

when i captured some packets, the result shows "Packets : xxxxx Displayed : xxxxx Marked : 0 Dropped : xxxxx" in the bottom of capture result.(xxxx -> any number) if there is "Dropped" count, for example "Packets : xxxxx Displayed : xxxxx Marked : 0 Dropped : 10" what does the "10" means? does that mean there are 10 packet the Wireshark didn`t capture? or what does that mean? is it possible there could be uncapturable packet in case the traffic is coming with wire rate?

asked 18 Nov '10, 02:22

defpoet4's gravatar image

defpoet4
21113
accept rate: 0%

One Answer:

1

Yes, dropped packets count packets which WERE on the wire, but were NOT captured by wireshark. Depending on your capture setup, it can absolutely happen that you have packet drops while capturing. Reasons for drops > 0 are spread widely.

Two examples:

  • Could be your harddrive, if it's too slow to capture to disk at line rate
  • Could be the capture setting itself - live scrolling and update list in realtime are a good start to disable when packets are dropped

Of course lots of other factors are possible, but those are the first two I look at

answered 18 Nov '10, 02:39

Landi's gravatar image

Landi
2.3k51442
accept rate: 28%