> -Original Message-
> From: Darren Reed [mailto:[EMAIL PROTECTED]
> Sent: lunedì 16 agosto 2004 17.39
> To: Fulvio Risso
> Cc: Darren Reed; tcpdump workers
> Subject: Re: [tcpdump-workers] advice for heavy traffic capturing
>
>
> Hi Fulvio,
>
> >
Hi Fulvio,
> Yes, it is harder.
> For instance, let's imagine you collected statistics based on the IP source
> address (e.g. byte count). You need something like a 10MB buffer (uhmmm,
> probably much more) to store data.
> Now, let's imagine you want to plot a snapshot of your stats every minute.
Hi Darren.
> -Original Message-
> From: Darren Reed [mailto:[EMAIL PROTECTED]
> Sent: sabato 14 agosto 2004 21.23
> To: Fulvio Risso
> Cc: tcpdump workers
> Subject: Re: [tcpdump-workers] advice for heavy traffic capturing
>
>
> Hi Fulvio,
>
> > >
Hi Fulvio,
> > What have you found that makes you say this ?
> > The simplicity in cpu cycle cost ?
>
> 1. simplicity
> 2. swappable buffers are very helpful if you plan to make statistics, not
> only packet capture.
> For instance, let's think about a system (like a NetFlow probe or something
>
t; <[EMAIL PROTECTED]>
Subject: Re: [tcpdump-workers] advice for heavy traffic capturing
Date: Fri, 13 Aug 2004 09:45:31 -0700
> Hi,
>
>
> > In some email I received from Loris Degioanni, sie wrote:
> > > Other things:
> > > - modern network cards don't a
Hi,
> In some email I received from Loris Degioanni, sie wrote:
> > Other things:
> > - modern network cards don't almost do buffering. The memory inside the
> > board is usually few KB, and its purpose is providing the space for a
packet
> > or two. The actual buffering is done in the RAM of the
In some email I received from Loris Degioanni, sie wrote:
> Other things:
> - modern network cards don't almost do buffering. The memory inside the
> board is usually few KB, and its purpose is providing the space for a packet
> or two. The actual buffering is done in the RAM of the PC. What determ
Fulvio, Darren
>
> > > > Is the JIT code easily ported to other platforms ?
> > >
> > > Yes, as far as the platform is Intel ;-)
> >
> > That's fine with me :)
> > Do you have a URL for this ?
>
> http://winpcap.polito.it
> You'll find everything in the source pack.
> Cheers,
As Fulvio said, the
Hi Darren.
> -Original Message-
> From: Darren Reed [mailto:[EMAIL PROTECTED]
> Sent: lunedi 9 agosto 2004 12.21
> To: Fulvio Risso
> Cc: [EMAIL PROTECTED]
> Subject: Re: [tcpdump-workers] advice for heavy traffic capturing
>
>
> Hi Fulvio,
>
> &g
Hi Fulvio,
> Fulvio Risso, Loris Degioanni, An Architecture for High Performance Network
> Analysis, Proceedings of the 6th IEEE Symposium on Computers and
> Communications (ISCC 2001), pg. 686-693, Hammamet, Tunisia, July 2001.
Is there any way you can get this (and the other date info.) into th
Hi Darren.
> -Original Message-
> From: Darren Reed [mailto:[EMAIL PROTECTED]
> Sent: lunedi 9 agosto 2004 10.57
> To: Fulvio Risso
> Cc: [EMAIL PROTECTED]
> Subject: Re: [tcpdump-workers] advice for heavy traffic capturing
>
>
> [ Charset ISO-885
[ Charset ISO-8859-1 unsupported, converting... ]
> http://netgroup.polito.it/fulvio.risso/pubs/iscc01-wpcap.pdf
When was it published? There is no date...
Winpcap appears, by design, to be the same as BPF. If you reduced the
number of buffers in the ring used with NPF to 2 buffers, I suspect
Hi Darren.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Darren Reed
> Sent: domenica 8 agosto 2004 17.09
> To: [EMAIL PROTECTED]
> Subject: Re: [tcpdump-workers] advice for heavy traffic capturing
>
>
> In some email I
On Mon, Aug 09, 2004 at 12:21:18PM +1000, Darren Reed wrote:
> I did some similar work for bpf & mmap with NetBSD.
Yes, I saw those. The guy doing the FreeBSD work appears to be claiming
that he dropped fewer packets with his mapped access, but that might
just be a result of not time-stamping pac
In some email I received from Guy Harris, sie wrote:
> Also, speaking of capture speed and memory-mapped devices, there was a
> freebsd-hackers thread discussing a netgraph module providing
> memory-mapped access to captured packets:
I did some similar work for bpf & mmap with NetBSD. See:
http:
Also, speaking of capture speed and memory-mapped devices, there was a
freebsd-hackers thread discussing a netgraph module providing
memory-mapped access to captured packets:
http://docs.FreeBSD.org/cgi/mid.cgi?20040614124708.A22679
and other messages with the subject "memory mapped packe
On Sun, Aug 08, 2004 at 08:29:33AM +0200, Fulvio Risso wrote:
> If you take a look at this paper:
>
> F. Risso, L. Degioanni
> An architecture for high performance network analysis
>
> http://ieeexplore.ieee.org/iel5/7446/20240/00935450.pdf?tp=&arnumber=935450&;
> isnumber=20240&arSt=686&ared
On Mon, Aug 09, 2004 at 01:08:49AM +1000, Darren Reed wrote:
> In some email I received from Fulvio Risso, sie wrote:
> > Darren, could you please give us some numbers?
> > If you take a look at this paper:
> >
> > F. Risso, L. Degioanni
> > An architecture for high performance network analysi
In some email I received from Fulvio Risso, sie wrote:
> Darren, could you please give us some numbers?
> If you take a look at this paper:
>
> F. Risso, L. Degioanni
> An architecture for high performance network analysis
>
> http://ieeexplore.ieee.org/iel5/7446/20240/00935450.pdf?tp=&arnumb
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Darren Reed
> Sent: sabato 7 agosto 2004 13.19
> To: [EMAIL PROTECTED]
> Subject: Re: [tcpdump-workers] advice for heavy traffic capturing
>
>
> In some email I received from
In some email I received from Motonori Shindo, sie wrote:
> Hi,
>
> I'm involved in a project to do some network traffic analysis. One of
> the goals of this project is to identify an equipment that is
> supposedly dropping packets. My idea to achieve this goal is to
> capture traffic by tcpdump a
Hi,
I'm involved in a project to do some network traffic analysis. One of
the goals of this project is to identify an equipment that is
supposedly dropping packets. My idea to achieve this goal is to
capture traffic by tcpdump at both sides of equipment in question and
compare them to determine wh
22 matches
Mail list logo
