What kind of tools can capture ip packets(such as UDP)fast enough on Linux Platform

What kind of tools can capture ethernet packets (such as UDP) fast
enough on the Linux platform? Ethereal cannot fulfill my
requirements.

I'm using packETH 1.4 to send packets.


I found that Ethereal cannot monitor all of the packets if I send
100000 (or more) packets (100 bytes per packet) consecutively with a
delay between packets of 8 us (= 0.008 ms = 0.000008 s), i.e. at
least
some percent of the packets cannot be captured in Ethereal.


96172/100000 = 96.172%, >3% lost
957952/100000 = 95.7952%, >4% lost


Pls help me out, thx.

(E-Mail Removed) wrote:
> What kind of tools can capture ethernet packets (such as UDP) fast
> enough on the Linux platform? Ethereal cannot fulfill my
> requirements.
>
> I'm using packETH 1.4 to send packets.
>
>
> I found that Ethereal cannot monitor all of the packets if I send
> 100000 (or more) packets (100 bytes per packet) consecutively with a
> delay between packets of 8 us (= 0.008 ms = 0.000008 s), i.e. at
> least
> some percent of the packets cannot be captured in Ethereal.

tcpdump would probably be the fastest.
If you're spewing packets that fast, are you sure all the packets
actually made it to the wire? Maybe the problem's in transmission.

(E-Mail Removed) writes:

> What kind of tools can capture ethernet packets (such as UDP) fast
> enough on the Linux platform? Ethereal cannot fulfill my
> requirements.
>
> I'm using packETH 1.4 to send packets.
>
>
> I found that Ethereal cannot monitor all of the packets if I send
> 100000 (or more) packets (100 bytes per packet) consecutively with a
> delay between packets of 8 us (= 0.008 ms = 0.000008 s), i.e. at
> least
> some percent of the packets cannot be captured in Ethereal.
>
>
> 96172/100000 = 96.172%, >3% lost
> 957952/100000 = 95.7952%, >4% lost
>
>
> Pls help me out, thx.

Have you tried the newer version of ethereal, which is now called
"wireshark"?
--
% Randy Yates % "So now it's getting late,
%% Fuquay-Varina, NC % and those who hesitate
%%% 919-577-9882 % got no one..."
%%%% <(E-Mail Removed)> % 'Waterfall', *Face The Music*, ELO
http://home.earthlink.net/~yatescr

On Jul 29, 1:09 am, Randy Yates <ya...@ieee.org> wrote:
> song_win...@hotmail.com writes:
> > What kind of tools can capture ethernet packets (such as UDP) fast
> > enough on the Linux platform? Ethereal cannot fulfill my
> > requirements.
>
> > I'm using packETH 1.4 to send packets.
>
> > I found that Ethereal cannot monitor all of the packets if I send
> > 100000 (or more) packets (100 bytes per packet) consecutively with a
> > delay between packets of 8 us (= 0.008 ms = 0.000008 s), i.e. at
> > least
> > some percent of the packets cannot be captured in Ethereal.
>
> > 96172/100000 = 96.172%, >3% lost
> > 957952/100000 = 95.7952%, >4% lost
>
> > Pls help me out, thx.
>
> Have you tried the newer version of ethereal, which is now called
> "wireshark"?
> --
> % Randy Yates % "So now it's getting late,
> %% Fuquay-Varina, NC % and those who hesitate
> %%% 919-577-9882 % got no one..."
> %%%% <ya...@ieee.org> % 'Waterfall', *Face The Music*, ELOhttp://home.earthlink.net/~yatescr- Hide quoted text -
>
> - Show quoted text -

Hi, sire,

After check out the FAQ in Ethereal web page, I found that a FAQ maybe
was concern about my question.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%
Q 9.3: I'm capturing packets on Linux; why do the time stamps have
only 100ms resolution, rather than 1us resolution?

A: Ethereal gets time stamps from libpcap/WinPcap, and libpcap/WinPcap
get them from the OS kernel, so Ethereal - and any other program using
libpcap, such as tcpdump - is at the mercy of the time stamping code
in the OS for time stamps.

At least on x86-based machines, Linux can get high-resolution time
stamps on newer processors with the Time Stamp Counter (TSC) register;
for example, Intel x86 processors, starting with the Pentium Pro, and
including all x86 processors since then, have had a TSC, and other
vendors probably added the TSC at some point to their families of x86
processors.

The Linux kernel must be configured with the CONFIG_X86_TSC option
enabled in order to use the TSC. Make sure this option is enabled in
your kernel.

In addition, some Linux distributions may have bugs in their versions
of the kernel that cause packets not to be given high-resolution time
stamps even if the TSC is enabled. See, for example, bug 61111 for Red
Hat Linux 7.2. If your distribution has a bug such as this, you may
have to run a standard kernel from kernel.org in order to get high-
resolution time stamps
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%

But , how to reset the timestamp in Suse10 system???

Thanks for your help.