Wireshark, Microsoft pktmon, packet testing HD

more free articles at www.thetechfirm.com Packet Testing One of the more common questions I get asked is with regards to how efficient the various popular packet capture tools, and a new one compare. Specifically, how well can these utilities capture packets, and at what point do they start to drop packets? I compared Wireshark GUI, tshark, dumpcap and Microsoft’s pktmon utility on a windows platform. I would hypothesize that Wireshark and its command line tools would NOT fair better than Microsoft pktmon. My reasoning is that Wireshark requires npcap, which simplistically is another layer of software to contend with where pktmon does not require it. I used a Netscout Optiview XG Traffic generator to send 100,000 packets, record the results of 5 tests, drop the high/low value and average the remaining 3 values. The results were surprising because my theory seemed to be true. Depending on load and packet size Microsoft’s pktmon outperformed Wireshark. The goal of the exercise was to provide an example of baselining your tools and knowing their limits. Tony Fortunato is a Senior Network Performance Specialist with experience in training, design, implementation, and troubleshooting networks since 1989. https://www.thetefirm.com