Hello,
I am trying to improve a current monitoring situation where we use dumpcap with Wireshark to capture specific traffic. We have anywhere from 20 - 50 copies of Wireshark running with filters for different traffic. The problem is that past 50 traces running, the system starts dropping packets.
I am testing PF_RING ZC with tcpdump to see how it can improve the capturing, but it seems I can only use one instance when specifying the interface "zc:eth1". Is it possible to have multiple tcpdumps running with filters, or is there a better way to accomplish this?
Regards,
Lee