tcpdump mailing list archives

Re: Best OS / Distribution for gigabit capture?

From: Guy Harris <guy () alum mit edu>
Date: Sun, 6 Feb 2011 14:52:37 -0800


On Feb 5, 2011, at 11:20 PM, M. V. wrote:

as i mentioned in my previous mail, (with the title: "HUGE packet-drop") i'm 
having problem trying to dump gigabit traffic on harddisk with tcpdump on 
Debian5.0. i tried almost everything but got no success.


Did you try to check whether the memory-mapped "tpacket" mechanism was being used by libpcap?

From: Jesper Dangaard Brouer <hawk () comx dk>
Subject: Re: [tcpdump-workers] HUGE packet-drop
Date: January 31, 2011 10:56:22 AM PST
To: tcpdump-workers () lists tcpdump org

...

The easiest way to see if you are using the MMAPed version is to look in:
/proc/net/ptype

Your are using the MMAP version if the Function "tpacket_rcv" is listed (while
you perform a tcpdump). Notice the "t" in front of "packet_rcv", if the "t" is
missing, then you are using the old/normal version.

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

Best OS / Distribution for gigabit capture? M. V. (Feb 05)
- Re: Best OS / Distribution for gigabit capture? Guy Harris (Feb 06)
- Re: Best OS / Distribution for gigabit capture? Fabian Schneider (Feb 07)
  - Re: Best OS / Distribution for gigabit capture? Rick Jones (Feb 07)
- Re: Best OS / Distribution for gigabit capture? Darren Reed (Feb 07)
- <Possible follow-ups>
- Re: Best OS / Distribution for gigabit capture? M. V. (Feb 08)