tcpdump mailing list archives

Re: how to make the sniffer quicker?


From: Mike Kershaw <dragorn () nerv-un net>
Date: Wed, 17 Jan 2007 14:31:08 -0500

On Wed, Jan 17, 2007 at 11:44:26AM -0600, David Young wrote:
>> My problem is: the sniffer is too slow.
>
> How fast is your computer?  Do you use a Prism radio?  A host has to read
> packets from the Prism II/2.5 radios using programmed I/O, which is slow.
>
>> When I'm flooding the receiver with pings, using the linux command ping
>> -f, if I send X in one second I cannot get this number of packets in the
>> sniffer, I always get less, around the 10%.
>
> At what rate does the sniffer receive packets?  Could it be that ping
> -f produces packets faster than the radio can transmit them?  That is,
> the packets may be dropped on the sender side.

The most effective card I've encountered so far for Linux for 802.11
sniffing, as far as pure data rates, is the prism54.  I've topped out at
around 4900 packets per second, or about 3MBit - effective data
saturation of the 802.11 channel.  The point about PIO is very apt -
the PIO prism2/aironet drivers would usually top out around 300-400k/s,
11b channel saturation should be in the 800-900k/s range.

Of course, getting the prism54 card is a little harder now since they're not
made anymore as far as I know.

Other cardbus 11g cards OUGHT to show similar performance, but I've seen
some weird things with madwifi and high-rate traffic.  It's very
dependent on the chipset handling high data rates cleanly, and on the
driver doing DMA properly to dump the frames out to the OS before the
card buffer fills.

* Note - this was also in rfmon, not in normal operation mode.  This
means my tests weren't waiting for ACK sequences to complete in the
firmware to rx data, etc.

-m

-- 
Mike Kershaw/Dragorn <dragorn () kismetwireless net>
GPG Fingerprint: 3546 89DF 3C9D ED80 3381  A661 D7B2 8822 738B BDB1

Some people call them "cars" or "trucks"; I call them "dimensional
transmogrifiers" because they change three-dimensional cats into
two-dimensional ones.
                -- F. Frederick Skitty
