tcpdump mailing list archives
Re: Taking tcpdump traces on fairly high-speed links
From: Rick Jones <rick_jones2 () hp com>
Date: Tue, 29 Oct 2002 10:35:57 -0800
Long Le wrote:
Hi all, Does anyone have tips (other than increasing bpf size) for taking tcpdump traces on a fairly high-speed link (say, 1-Gbps link) without dropping too many packets?
Well, certainly, one has to have a disc subsystem that is as fast or faster than the data rate of the link. I suppose that using async, direct I/O might have some benefits - help keep the tcpdump process from blocking on a disc write when/if it manages to fill the buffer cache. But ultimately, the sustained rate of the trace has to be below the ustained limit of the disc/filesystem. If you were doing full 1514 byte snaplens, that means having a disc subsystem that can sustain ~125 MB/s... rick jones -- Wisdom Teeth are impacted, people are affected by the effects of events. these opinions are mine, all mine; HP might not want them anyway... :) feel free to post, OR email to raj in cup.hp.com but NOT BOTH... - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- Taking tcpdump traces on fairly high-speed links Long Le (Oct 29)
- Re: Taking tcpdump traces on fairly high-speed links Rick Jones (Oct 29)