ARP transmission delays promiscuous capture (libpcap/wireshark)

I have two machines: TX and RX. RX runs a libpcap application to sniff out and receive traffic on a dedicated Ethernet port.

TX transmits a continuous stream of UDP packets holding MPEG-TS.

Whether using the libpcap app or Wireshark, every once in a while there is a gap between received packets of almost 1 second.

I've tracked this down to something to do with ARP.

TX Machine

Running Wireshark on the sender shows packets being sent at regular intervals:

(image: TX Wireshark Dump)

RX Machine

Here's what Wireshark shows on the receiver:

(image: RX Wireshark Dump)

There is a 999 ms gap in receiving the two packets just before the ICMP packet sent by the receiver.

The time gap is very consistent and presents with both Wireshark and a compiled libpcap app written in C++. The time gap is always just before the ICMP is sent by RX.

The receiver must be fully promiscuous and faithfully capture and report what's on the wire.

Disabling the ICMP port unreachable messages by setting arp_ignore is not a solution; the sender cannot send any data without knowing the MAC address of RX.

Is this a problem with libpcap?

This seems like purely a receiver-side issue, but much searching has not come up with any solution.

I need a faithful capture from the wire. Something to modify somewhere?

Reference

The libpcap app is using the latest version, 1.9.0. Wireshark says:

Running on Linux 4.4.127-1.el6.elrepo.i686, with locale en_US.UTF-8, with libpcap version 1.9.0-PRE-GIT (with TPACKET_V3), with libz 1.2.3, GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

EDIT I

Note that the machines are directly connected with an Ethernet cable. There is no network, router, or switches in between.

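Added example, not the poster's C++ application or capture: an offline inter-arrival gap finder that does the measurement described in the question. It parses the classic pcap file format itself (little-endian magic d4 c3 b2 a1, microsecond timestamps, LINKTYPE_ETHERNET), so it compiles without linking libpcap; a real tool would read the saved capture with libpcap's pcap_open_offline and also accept the big-endian and pcapng variants, which this reader deliberately rejects. For every gap above a threshold it reports the frame that ends the gap and labels it UDP, ICMP or ARP from the EtherType and IPv4 protocol byte, which is how you line the pause up with the ARP/ICMP traffic. The capture analysed in main() is constructed in memory to mirror the timeline in the question (UDP every 10 ms, a 999 ms pause, then the receiver's ICMP); the timestamps and frames are assumptions, not the real trace.

```cpp
// Added example (not the poster's program): offline inter-arrival gap finder
// for a classic pcap capture, with its own minimal pcap reader.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct Record { uint32_t sec = 0, usec = 0; std::vector<uint8_t> data; };
struct Gap { size_t index; double gap_ms; std::string next_proto; };

// pcap headers use the capturing host's byte order; this example emits and
// reads only the little-endian form (file bytes d4 c3 b2 a1).
static uint32_t rd32(const uint8_t* p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | (uint32_t(p[3]) << 24);
}
static void wr16(std::vector<uint8_t>& v, uint16_t x) { v.push_back(x & 0xff); v.push_back(x >> 8); }
static void wr32(std::vector<uint8_t>& v, uint32_t x) {
    for (int i = 0; i < 4; ++i) v.push_back((x >> (8 * i)) & 0xff);
}

// Global header: magic, version 2.4, thiszone 0, sigfigs 0, snaplen, LINKTYPE_ETHERNET (1).
std::vector<uint8_t> pcap_header(uint32_t snaplen = 65535) {
    std::vector<uint8_t> v;
    wr32(v, 0xa1b2c3d4); wr16(v, 2); wr16(v, 4); wr32(v, 0); wr32(v, 0); wr32(v, snaplen); wr32(v, 1);
    return v;
}

// Record header: ts_sec, ts_usec, incl_len, orig_len, followed by the frame bytes.
void append_record(std::vector<uint8_t>& file, uint32_t ms, const std::vector<uint8_t>& frame) {
    wr32(file, ms / 1000); wr32(file, (ms % 1000) * 1000);
    wr32(file, uint32_t(frame.size())); wr32(file, uint32_t(frame.size()));
    file.insert(file.end(), frame.begin(), frame.end());
}

// Parse every record; false on bad magic, a record running past the end, or trailing junk.
bool parse_pcap(const std::vector<uint8_t>& file, std::vector<Record>& out) {
    if (file.size() < 24 || rd32(&file[0]) != 0xa1b2c3d4) return false;
    size_t off = 24;
    while (off + 16 <= file.size()) {
        Record r;
        r.sec = rd32(&file[off]); r.usec = rd32(&file[off + 4]);
        uint32_t incl = rd32(&file[off + 8]);
        off += 16;
        if (incl > file.size() - off) return false;   // truncated record
        r.data.assign(file.begin() + off, file.begin() + off + incl);
        off += incl;
        out.push_back(std::move(r));
    }
    return off == file.size();
}

// Label a frame from its EtherType and, for IPv4, the protocol byte (offset 9 of the IP header).
std::string classify(const std::vector<uint8_t>& f) {
    if (f.size() < 14) return "short";
    uint16_t ethertype = (uint16_t(f[12]) << 8) | f[13];
    if (ethertype == 0x0806) return "ARP";
    if (ethertype == 0x0800 && f.size() >= 34) {
        uint8_t proto = f[14 + 9];
        if (proto == 1) return "ICMP";
        if (proto == 17) return "UDP";
        return "IPv4/" + std::to_string(proto);
    }
    return "other";
}

// Report each inter-arrival gap of at least threshold_ms together with the frame that ends it.
std::vector<Gap> find_gaps(const std::vector<Record>& recs, double threshold_ms) {
    std::vector<Gap> gaps;
    for (size_t i = 1; i < recs.size(); ++i) {
        double prev = recs[i - 1].sec * 1e3 + recs[i - 1].usec / 1e3;
        double cur = recs[i].sec * 1e3 + recs[i].usec / 1e3;
        if (cur - prev >= threshold_ms) gaps.push_back({i, cur - prev, classify(recs[i].data)});
    }
    return gaps;
}

// Constructed frame: Ethernet + IPv4 header only (no payload), carrying the given IP protocol.
std::vector<uint8_t> ipv4_frame(uint8_t ipproto) {
    std::vector<uint8_t> f(34, 0);
    f[12] = 0x08; f[13] = 0x00;  // EtherType IPv4
    f[14] = 0x45;                // version 4, IHL 5
    f[14 + 9] = ipproto;
    return f;
}

// Constructed capture (assumed timeline, not the real trace): UDP every 10 ms,
// a 999 ms pause, one more UDP frame, the receiver's ICMP, then the stream resumes.
std::vector<uint8_t> build_sample_capture() {
    std::vector<uint8_t> file = pcap_header();
    for (uint32_t ms : {0u, 10u, 20u, 30u}) append_record(file, ms, ipv4_frame(17));
    append_record(file, 1029, ipv4_frame(17));
    append_record(file, 1030, ipv4_frame(1));
    append_record(file, 1040, ipv4_frame(17));
    return file;
}

int main() {
    std::vector<Record> recs;
    if (!parse_pcap(build_sample_capture(), recs)) { std::puts("bad pcap"); return 1; }
    for (const Gap& g : find_gaps(recs, 100.0))
        std::printf("gap of %.1f ms before frame %zu (%s), followed by %s\n", g.gap_ms, g.index,
                    g.next_proto.c_str(),
                    g.index + 1 < recs.size() ? classify(recs[g.index + 1].data).c_str() : "end");
    return 0;
}
```

Run against a capture saved from the receiver, the report shows whether the frame that ends each pause is the resumed UDP stream, an ARP request/reply, or the ICMP from RX, which separates a capture-side drop from a genuine pause in what TX put on the wire. The threshold is a parameter because the interesting gap here is two orders of magnitude above the normal 10 ms spacing.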