tcpdump mailing list archives

Re: Best OS / Distribution for gigabit capture?

From: "M. V." <bored_to_death85 () yahoo com>
Date: Tue, 8 Feb 2011 00:53:25 -0800 (PST)

as i mentioned in my previous mail, (with the title: "HUGE packet-drop") i'm
having problem trying to dump gigabit traffic on harddisk with tcpdump on
Debian5.0. i tried almost everything but got no success. so, i decided to
start-over:

*) if anyone has experience on successful gigabit capture, what combination

of

"Operating-System / Distribution / Kernel Version / libpcap version / ..." do
you suggest for maximum zero-packet-loss capture?

What are you going to do with the packets?
Can you process the packets that you capture with few enough
CPU cycles that you never cause backlog?


hi,

right now, no (extra) process is being done on packets. tcpdump (or dumpcap) 
simply dumps received packets (whole packet, with s = 0) into file(s). my HP 
server's HDD performance is good, and i also tried dumping on SSD and RAMDisk 
and i increased kernel buffer-sizes,  but my best zero-packet-loss result is 
something about 350Mbps (this result is with libpcap-0.9.8. i got much worse 
results with libpcap-1.0+).



      -
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

Best OS / Distribution for gigabit capture? M. V. (Feb 05)
- Re: Best OS / Distribution for gigabit capture? Guy Harris (Feb 06)
- Re: Best OS / Distribution for gigabit capture? Fabian Schneider (Feb 07)
  - Re: Best OS / Distribution for gigabit capture? Rick Jones (Feb 07)
- Re: Best OS / Distribution for gigabit capture? Darren Reed (Feb 07)
- <Possible follow-ups>
- Re: Best OS / Distribution for gigabit capture? M. V. (Feb 08)