This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wireshark in ubuntu with intel6205 capture very less frame under 5 G 11N

0

i am doing a test using my ubuntu box which used intel 6205, once i set the ap into wide channel under 5GHZ, the wireshark capture speed seems like be very slow, then i did a compare, i found that indeed for 11N 40MHZ frame wireshark with 6205 only can capture 50% frame than other card, if possible can i know if this a wireshark problem or the card limitation, indeed i already upgrade the kernel to 3.6, so seems like not because kernel too old.

asked 06 Nov '12, 18:05

vca86's gravatar image

vca86
1111
accept rate: 0%

One Answer:

0

do you have any connectivity issues (lost pings, slow download speed, etc.)? I think it's more a problem with the interface (or driver) itself, rather than Wireshark.

BTW: How did you figure out, that Wireshark is only capturing 50% of the traffic?

Regards
Kurt

answered 07 Nov '12, 13:39

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Hi Kurt,

Thanks for your kindly reply,i think the connectivity should be ok, for that once i use this card to connect internet everything seems be good, i found this issue is because i also have a windows laptop which can run the same capture, after i found wireshark+intel6205 become slow then i did a compare between the windows and linux, the 50% is a roughly number,but wireshark linux with intel6205 is really slow.

Regards Allen

(07 Nov '12, 15:05) vca86

Just to be sure we talk about the same thing:

Did you caputre a WLAN session of a third machine with Windows and Linux at the same time and the Linux capture file contained only 50% of the packets? If so, were the missing packets random packets or only packets in one direction (e.g. only client -> server)?

What do you mean by "Wireshark with intel6205 is really slow?" Slow in terms of what?

BTW: Talking about Wireshark beeing slow. Did you enable Name resolving in Wireshark? If so, that could explain why Wireshark appears to be slow, especially if the nameserver on your linux system is configured but unreachable.

Edit -> Preferences -> Name Resolution

Please check the option: Enable Network Name Resolution

If that option is checked, please uncheck it and retry.

(07 Nov '12, 15:19) Kurt Knochner ♦

Hi Kurt, thanks for your reply, yes i did that at same time by using a third laptop produce traffic,according my test the missing package involved both upload and download, most of missing package is control/management frame, follow your suggestion, after check the wireshark setting, i found that the "Enable Network Name Resolution" is disabled in my environment.

(08 Nov '12, 17:15) vca86

O.K. then I assume it's a problem with either the driver or the hardware itself. Both are pretty hard to troubleshoot.

(08 Nov '12, 19:04) Kurt Knochner ♦