Hi,
Regarding the OS we have done testing on this some five years ago. Back then we
found that FreeBSD performed better than Linux. Yet there have been
improvements proposed for both Linux (memory mapping, and Luca Deri's work) and
FreeBSD ("zero-copy BPF and Alexandre Fiveg's work). To get details just google
all this.
Yet, experience from operating a large scale packet capturing systems shows
that the biggest challenge usually is to have a disk system that is fast enough
to write the stream of packets to disk. You might want to check this first.
(e.g. you can run a Bonnie++ to see how fast your disk system is.)
Best
Fabian
Sent from iPhone -> might be shorter than usual
Am 06.02.2011 um 08:20 schrieb "M. V." <bored_to_deat...@yahoo.com>:
> hi,
>
> as i mentioned in my previous mail, (with the title: "HUGE packet-drop") i'm
> having problem trying to dump gigabit traffic on harddisk with tcpdump on
> Debian5.0. i tried almost everything but got no success. so, i decided to
> start-over:
>
> *) if anyone has experience on successful gigabit capture, what combination
> of
> "Operating-System / Distribution / Kernel Version / libpcap version / ..." do
> you suggest for maximum zero-packet-loss capture?
>
> thank you.
>
>
>
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
