Support #1232
closedHow to detect packet loss
Description
Hey!
Can anyone explain how to detect paket loss? Currently, I'm using suricata in two different setups:
1) Suricata "standard" installation, without modifications
2) Suricata, compiled with PF_RING Support, I'm running suricata in combination with PF_RING transparent_mode 0 and standard intel e1000e driver (no DNA or ZC)
All tests are carried out with same Traffic and Bandwith (100Mbit/s - tcpreplay)
-------------------------------------------------------------------
Date: 4/27/2014 -- 15:55:46 (uptime: 0d, 02h 00m 01s)
-------------------------------------------------------------------
Counter | TM Name | Value
-------------------------------------------------------------------
capture.kernel_packets | RxPcapeth21 | 119807497
capture.kernel_drops | RxPcapeth21 | 47781707
-------------------------------------------------------------------
Date: 5/4/2014 -- 23:39:52 (uptime: 0d, 02h 00m 01s)
-------------------------------------------------------------------
Counter | TM Name | Value
-------------------------------------------------------------------
capture.kernel_packets | RxPFR1 | 46011931
capture.kernel_drops | RxPFR1 | 0
Setup without modifications: 119.807.497
Setup with PF_RING: 46.011.931
Why is there such a wide difference between this two data? - Traffic and runtime was always the same.
I would appreciate your feedback,
Wolfgang