North American Network Operators Group

Re: using sniffer on high-bandwidth pipes

  • From: Iljitsch van Beijnum
  • Date: Fri Dec 03 15:21:17 2004

On 3-dec-04, at 17:08, Steve Francis wrote:

> It probably depends more on pps than bandwidth.

Although if you have very high bandwidth you may run into trouble with the PCI bus. 33 MHz 32 bit PCI can barely manage 1 Gbps, and that's without taking overhead into account.

> At a prior job, I used FreeBSD 4.x machines to capture over 400,000 pps, I think, on gigabit links.

I managed to do 600k with 32% CPU on a not-too-high-end machine two years ago. (Just taking the packets off the wire and running them through BPF, no processing, though.)

If you use BPF or pcap, don't forget to increase the capture buffer or you'll have overruns, and don't capture more of the packet than you need.