I have to capture a data from FPGA Board which sends totally 15000 frames. Each frame consists of 514 bytes and each frame they are sending at a rate of 4usec. In my application I used pcap_open_live(devicename, 65536, 1, 1000, errbuf) and added filters to capture the data. I can able to receive around 12500 packets only in my application. And also I checked in wire shark there also I can able to receive 13000 packets. The above one I tried in windows. In linux I used tcpdump, there I can receive all the packets correctly. Kindly suggest me why im missing the packets(windows)? asked 25 Sep '14, 00:22  paulraj85 |
One Answer:
My guess is you're capturing with a normal PC and a normal NIC. You're lucky to capture as much as you do with that kind of timings - 4 µsec sending rate is too fast in most cases, and you'd loose tons of packets if you'd go for larger frame sizes I guess. If you need to capture all packets you'll probably have to get a specialized capture card to be able to avoid drops (e.g. Napatech, Fiberblaze) - but that's gonna be expensive, and they don't see to market their cards towards single users, only capture system builders. You could also take a look at TurboCAP by Riverbed. answered 25 Sep '14, 00:27  Jasper ♦♦ |
Thanks Jasper, But in Linux I can able to capture all data using tcpdump with this speed any reason?
Possibly the Linux kernel and libpcap is more efficient than windows+ WinPcap. Or your linux Bix has ma better could and faster ram.