tcpdump mailing list archives

Re: Best OS / Distribution for gigabit capture?

From: Rick Jones <rick.jones2 () hp com>
Date: Mon, 07 Feb 2011 10:53:51 -0800

Fabian Schneider wrote:

Hi,

Regarding the OS we have done testing on this some five years ago. Back then
we found that FreeBSD performed better than Linux. Yet there have been
improvements proposed for both Linux (memory mapping, and Luca Deri's work)
and FreeBSD ("zero-copy BPF and Alexandre Fiveg's work). To get details just
google all this.

Yet, experience from operating a large scale packet capturing systems shows
that the biggest challenge usually is to have a disk system that is fast
enough to write the stream of packets to disk. You might want to check this
first. (e.g. you can run a Bonnie++ to see how fast your disk system is.)

And be certain to beat on the filesystem/disc with I/Os of the size that will becoming from your packet capturing...


rick jones
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

Best OS / Distribution for gigabit capture? M. V. (Feb 05)
- Re: Best OS / Distribution for gigabit capture? Guy Harris (Feb 06)
- Re: Best OS / Distribution for gigabit capture? Fabian Schneider (Feb 07)
  - Re: Best OS / Distribution for gigabit capture? Rick Jones (Feb 07)
- Re: Best OS / Distribution for gigabit capture? Darren Reed (Feb 07)
- <Possible follow-ups>
- Re: Best OS / Distribution for gigabit capture? M. V. (Feb 08)