tcpdump mailing list archives

performance considerations


From: alex medvedev <alexm () pycckue org>
Date: Sun, 12 Sep 2004 20:09:38 -0500 (CDT)

Hi,

i'm building a list of tunable parameters for capturing packets using
libpcap.
the goal is to have as few dropped packets as possible.
i have these assumptions:
- the capture is done on a very busy ethernet network [infinitely busy];
- the user is stuck with an OS (say FreeBSD);
- the user cannot recompile the kernel [has to use stock];
- the user may purchase and install new expensive hardware [CPU, Memory,
network card, ...]

so far i have the following (tcpdump as an example app):

1. use -n with tcpdump to stop DNS lookups;
2. use BPF not DLPI; <-- more info on this would be appreciated
3. use shorter snap length;
4. set higher priority of the tcpdump process;
5. use -w to dump to a file [as opposed to screen];
6. use fewer -v flags when dumping to screen;
7. use simpler filter expression;
8. dump to locally attached storage [as opposed to NFS];
9. tune OS' send/recv buffers;
10. tune network adapter's send/recv buffers.

i'd appreciate it if people could critique the above and contribute more
options to further decrease the number of dropped packets.

thank you,

-alexm
19:47 12/09/2004

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
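
An added example, not part of the original post: a shell helper that turns tcpdump's exit summary into a kernel drop percentage, so the tunables listed above can be compared by measurement. The interface name `em0`, the snap length values and the output directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): measure kernel drops per tuning choice.

# Read tcpdump's exit summary (stderr) and print drops as a percentage of
# "received by filter". What that counter includes varies by platform, so
# compare runs on the same host only.
drop_pct() {
    awk '
        /packets received by filter/ { recv = $1; have_recv = 1 }
        /packets dropped by kernel/  { drop = $1; have_drop = 1 }
        END {
            if (!have_recv || !have_drop) { print "no-stats"; exit 1 }
            printf "%.2f\n", (recv > 0 ? 100 * drop / recv : 0)
        }'
}

# One capture using list items 1 (-n), 3 (-s) and 5 (-w); stops after $3 packets.
capture_run() {
    tcpdump -n -i "$1" -s "$2" -c "$3" -w "$4" 2>&1 | drop_pct
}

# Repeat the capture at several snap lengths (constructed values) and
# print "snaplen<TAB>drop%" so the effect of item 3 can be read off.
sweep_snaplen() {
    iface=$1 count=$2 dir=$3
    for s in 68 256 1514; do
        printf '%s\t' "$s"
        capture_run "$iface" "$s" "$count" "$dir/snap$s.pcap" || true
    done
}

# Constructed sample of a tcpdump exit summary, for checking the parser offline.
sample_summary() {
    cat <<'EOF'
tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
8000 packets captured
10000 packets received by filter
1250 packets dropped by kernel
EOF
}
```

Call `sweep_snaplen em0 100000 <dir>` with `<dir>` on locally attached storage (item 8), and rerun it after changing one other tunable at a time.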

