tcpdump mailing list archives
Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0
From: "lei wei" <weilei1983 () gmail com>
Date: Mon, 8 Sep 2008 09:27:54 -0400
Hi, By "unacceptable", I mean the number of packets that tcpdump processed was only a fraction of that of it received. I assume that "Number of Packets received by filter" are the packets were matched by the filter expression, so with a filter, tcpdump can only process 3984 out of 1091656 ip packets.... And also, the port I'm monitoring on is a mirror of the department building uplink, it should have a major component of ip packets. Hope it clearifies. Thanks. Lei On Mon, Sep 8, 2008 at 3:59 AM, <sthaug () nethelp no> wrote:
I'm currently doing packet capturing on a FreeBSD 7.0 system. I wasactuallyrunning my own pcap based program but found the performance was very bad when I added a simplefilteras "ip". So I tested tcpdump on the same machine. It turned out that the performance of tcpdumpwithout afilter expression is reasonably well, but turned to unacceptable when applying an "ip" filter.Please define "unacceptable".I guess it must have something to do with the libpcap0.9.8.. Below is some result I got. The version on the machine is tcpdump3.9.8 with libpcap0.9.8 1. tcpdump without filter: # tcpdump -i em1 -s 1500 -w dump.dat 433145 packets captured 448830 packets received by filter 0 packets dropped by kernel 2. tcpdump with filter: # tcpdump -i em1 -s 1500 -w dump.dat ip 3984 packets captured 1091656 packets received by filter 0 packets dropped by kernelThe statistics show 0 packets dropped. What is your problem here - are you saying that there are *more* IP packets (in the 1091656 packets received by the filter) than the 3984 packets captured? I run tcpdump on various FreeBSD 7 systems myself with no apparent problems. Steinar Haug, Nethelp consulting, sthaug () nethelp no
-- Wei, Lei Department of Computer Science University of North Carolina at Chapel Hill, NC 27599-3175 - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 07)
- Re: tcpdump3.9.8 slow performance with filter in sthaug (Sep 08)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 08)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 Guy Harris (Sep 08)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 09)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 Guy Harris (Sep 09)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 08)
- Re: tcpdump3.9.8 slow performance with filter in sthaug (Sep 08)
- <Possible follow-ups>
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 Alexander Dupuy (Sep 10)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 10)
- Re: tcpdump3.9.8 slow performance with filter in sthaug (Sep 10)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 Alexander Dupuy (Sep 10)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 10)