johnbumgarner / pyshark_usage_overview

This repository contains usage documentation for the Python module PyShark. It also provides various Python methods for processing, filtering and analyzing packet data using PyShark.

pyshark.liveCapture drop packets? #3

Open Lzhou2020 opened 3 years ago

Lzhou2020 commented 3 years ago

When comparing the packets captured in "live_cap.pcap" by the function `cap = pyshark.LiveCapture(interface='eth0', bpf_filter="ip", output_file="live_cap.pcap")` with the packets captured simultaneously by Wireshark in a pcap file, the packets in "live_cap.pcap" are far fewer. Please help to answer whether there is a packet drop issue in the pyshark.live_capture function, or whether some parameter setting is wrong, and how to resolve the missing packet problem. (This problem was posted in https://github.com/KimiNewt/pyshark/issues/495, no answer yet.) Thanks.

johnbumgarner commented 3 years ago

Are you running pyshark and Wireshark simultaneously? If so, how are you starting these packages at the exact same time?

Lzhou2020 commented 3 years ago

Thanks for the reply. I used an IXIA PerfectStorm device to generate the traffic, and pyshark and Wireshark ran on the same PC simultaneously to capture the traffic from the same interface. Comparing the captured pcap files, pyshark.liveCapture missed a lot of packets, even when the input traffic rate was less than 10 Mb/s. I noticed this issue when I compared the pyshark.fileCapture function and pyshark.liveCapture in processing the same/similar input traffic and observed the large number of packets missed. Others have also raised pyshark performance issues, e.g., "pyshark captures the number of packets fewer than tshark/wireshark" #137, and I am not sure whether the liveCapture function could not handle a certain amount of traffic load. Can we modify the pyshark code to address this issue? Thanks.

johnbumgarner commented 3 years ago

What is the difference in pcap sizes? When you DIFF the files, how much is different?

Lzhou2020 commented 3 years ago

In the experiment, the size ratio of the pcap file generated from pyshark.liveCapture compared to that from Wireshark is about 50% or less, in relation to the input traffic rate. An IP filter was set during the packet capture for both. I may repeat the experiments and verify the problem. Working on finding the cause and solution. Thanks.

johnbumgarner commented 3 years ago

50% less seems nearly impossible. I need to run a test myself to see my pcap sizes.
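
One way to compare two captures like the ones discussed in this thread, as an added example that is not code from the thread or from pyshark: it counts packets overall and inside the time window both files cover, so that a difference in start and stop times is not mistaken for dropped packets. It assumes classic pcap input (Wireshark and tshark write pcapng by default, which `editcap -F pcap` converts); the function names and the sample data are constructed for illustration.

```python
import struct

# Classic pcap magic bytes -> (struct byte order, timestamp ticks per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
    b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9),
}

def packet_times(data):
    """Return each packet's timestamp in nanoseconds from classic pcap bytes."""
    if data[:4] == b"\x0a\x0d\x0d\x0a":
        raise ValueError("pcapng input: convert first (editcap -F pcap in out)")
    if data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, ticks = MAGICS[data[:4]]
    times, off = [], 24                      # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, frac, incl_len, _ = struct.unpack_from(order + "IIII", data, off)
        if off + 16 + incl_len > len(data):  # truncated final record
            break
        times.append(sec * 10**9 + frac * (10**9 // ticks))
        off += 16 + incl_len
    return times

def compare(times_a, times_b):
    """Count packets overall and inside the window both captures cover."""
    if not times_a or not times_b:
        raise ValueError("a capture contains no packets")
    start = max(min(times_a), min(times_b))
    end = min(max(times_a), max(times_b))
    in_a = sum(start <= t <= end for t in times_a)
    in_b = sum(start <= t <= end for t in times_b)
    return {"total": (len(times_a), len(times_b)), "in_window": (in_a, in_b)}

def build_pcap(times_us):
    """Constructed sample: little-endian pcap with 4-byte dummy packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for t in times_us:
        out += struct.pack("<IIII", t // 10**6, t % 10**6, 4, 4) + b"\x00" * 4
    return out

# Constructed data: reference sees 10 packets, the second capture starts late and sees 3.
REFERENCE = build_pcap(range(1_000_000, 2_000_000, 100_000))
LATE = build_pcap([1_300_000, 1_500_000, 1_700_000])

if __name__ == "__main__":
    print(compare(packet_times(REFERENCE), packet_times(LATE)))
```

On the constructed data the whole-file ratio is 3 of 10, while inside the shared window it is 3 of 5; the second figure is the one that reflects packets missed while both captures were running.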