using sniffer on high-bandwidth pipes

• Previous message (by thread): using sniffer on high-bandwidth pipes
• Next message (by thread): using sniffer on high-bandwidth pipes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3-dec-04, at 17:08, Steve Francis wrote:

> It probably depends more on pps than bandwidth.

Although if you have very high bandwidth you may run into trouble with 
the PCI bus. 33 MHz 32 bit PCI can barely manage 1 Gbps, and that's 
withough taking overhead into account.

> At a prior job, I used FreeBSD 4.x machines to capture over 400,000 
> pps, I think, on gigabit links.

I managed to do 600k with 32% CPU on a non-too-high-end machine two 
years ago. (Just taking the packets off the wire and running them 
through BPF, no processing, though.)

If you use BPF or pcap, don't forget to increase the capture buffer or 
you'll have overruns, and don't capture more of the packet than you 
need.

• Previous message (by thread): using sniffer on high-bandwidth pipes
• Next message (by thread): using sniffer on high-bandwidth pipes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]