Re: Best OS / Distribution for gigabit capture?

[Fabian Schneider <schneifa () net in tum de>]

Hi,

Regarding the OS we have done testing on this some five years ago. Back then we found that FreeBSD performed better 
than Linux. Yet there have been improvements proposed for both Linux (memory mapping, and Luca Deri's work) and FreeBSD 
("zero-copy BPF and Alexandre Fiveg's work). To get details just google all this.

Yet, experience from operating a large scale packet capturing systems shows that the biggest challenge usually is to 
have a disk system that is fast enough to write the stream of packets to disk. You might want to check this first. 
(e.g. you can run a Bonnie++ to see how fast your disk system is.)

 Best
Fabian

Sent from iPhone -> might be shorter than usual

Am 06.02.2011 um 08:20 schrieb "M. V." <bored_to_death85 () yahoo com>:

> hi,
>
> as i mentioned in my previous mail, (with the title: "HUGE packet-drop") i'm 
> having problem trying to dump gigabit traffic on harddisk with tcpdump on 
> Debian5.0. i tried almost everything but got no success. so, i decided to 
> start-over:
>
> *) if anyone has experience on successful gigabit capture, what combination of 
> "Operating-System / Distribution / Kernel Version / libpcap version / ..." do 
> you suggest for maximum zero-packet-loss capture?
>
> thank you.
>
>
>
>      -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.