[Winpcap-users] Efficiency of winpcap library
Guy Harris
guy at alum.mit.edu
Wed Feb 11 02:10:44 GMT 2009
On Feb 10, 2009, at 2:50 PM, Charu Agrawal wrote:
> What is the maximum achievable speed of frame capture possible using
> the winpcap library. I tried testing with the Wireshark ( which uses
> the winpcap library)
...and, if you're capturing in "Update list of packets in real time",
also uses its dissectors for every frame.
I.e., if you're trying to capture packets arriving at a very high rate
with Wireshark, try turning "Update list of packets in real time" off;
otherwise, Wireshark does a *lot* of work for each packet, which
limits the rate at which it can process incoming packets.
Even when you're capturing *without* "Update list of packets in real
time", Wireshark updates the packet counts in the capture summary
window, which involves reading each packet (and determining, to some
degree, what type of packet it is), so you might just want to use
dumpcap and write to a file, and then read the file later with
Wireshark.
More information about the Winpcap-users
mailing list