Tony Fortunato

Wireshark Packet Capture Limits on Linux Real-Time OS (Carlo Zakarian)

There are a lot of dedicated hardware-based packet capture devices available that can capture at 1Gb and 10Gb line rate. These hardware-based devices are designed with real-time Operating Systems and specialized ASIC NICs with large buffer spaces to write to disk. This method of acquiring packets guarantees that you will catch all of the bits going across the wire without dropping any of them. These are among the best to use when capturing on a very busy network; however, they come at a higher cost for a good reason.

 

When looking at the long list of options for capturing packets, most analysts prefer to use a laptop coupled with Wireshark. The simple fact is that a laptop with Wireshark is convenient, very portable, cost-effective, and easy enough for an analyst to use. The problem, though, is that most laptops and Operating Systems cannot capture at full line rate on a busy network.

 

However, what if there is a slightly better-performing Operating System out there? An RTOS, or Real-Time Operating System, in the form of the Ubuntu real-time kernel, is perfect for demanding low-latency requirements. Ubuntu LTS with Real-Time capability can be a possible solution for low-latency captures. Today, I will evaluate Wireshark on Ubuntu LTS with Real-Time enabled.

 

Follow along with me as I use a Netscout Optiview XG traffic generator to blast unicast frames at our laptop running Ubuntu Linux RTOS. We will test different frame sizes, utilization levels, and data rates, and see how well it performs under various conditions. We will also examine at what data rates our Ubuntu Linux RTOS begins dropping packets and compare those against our Ubuntu Linux running the normal run-time kernel.


 


Carlo Zakarian is a network engineer with over 15 years of experience in the networking implementation, design, and diagnostics field, specializing in LAN, WAN, and Wireless. He is the owner of NetFocus Technologies, an IT managed consulting firm based in Chicago that specializes in setting up, configuring, and diagnosing software, hardware, and network infrastructure.

Carlo Zakarian is experienced in network packet-level analysis, application performance, and network diagnostics. His expertise includes using commercial tools from Fluke Networks, NetScout, NetAlly, and ProfiTap to locate and fix network chaos. He can be reached via his website at https://www.NetFocusTech.com.


 

