Re: BPF/libpcap performance, was Re: Seg Fault

[Chris Green <cmg () uab edu>]

Erek Adams <erek () theadamsfamily net> writes:

> On Tue, 26 Feb 2002, Chris Green wrote:
>
> > FYI, its BPF/libpcap performance and not TCP stack performance that is the
> > issue when it comes to snort
>
> Ok, with that being said, here's a question:  Is it worth upgrading to another
> version of libpcap each time it comes out?  Or tracking it's CVS as well?

If you are running linux on your IDS stuff, its worth it for hearing
about the things they do to turbo packet stuff now and then.

> Along those lines, would there be any useful TCP/IP stack parameters to
> tune/change, or would that just be a waste of effort?

I'm sure there are things like memcaps for bpf and the like to set and
I'd love to see a good technical paper other than the winpcap one on
pcap performance's as well as tuning.

I'm also pretty sure one of the security websites would even pay a bit
for an article on tuning of pcap performance.

Most everything I've seen in the past few years ranks right above
voodoo.
-- 
Chris Green <cmg () uab edu>
Don't use a big word where a diminutive one will suffice.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users