Non dropping packet monitor
Charles Swiger
cswiger at mac.com
Fri Mar 24 23:17:31 UTC 2006

On Mar 24, 2006, at 5:46 PM, Paul Haddad wrote:
> I need to monitor packets flowing in/out of a FreeBSD 6.x box in a
> tcpdump/pcap (monitor only) style but I can't have packets dropped as
> tcpdump often does when its buffer fills up.
>
> I'm fine if the entire network connection slows down because of this,
> the important thing is that I can get access to each and every packet
> on a given interface.
>
> Any suggestions? Is there some pcap option that I need to look at?

If your dumps will fit into a RAM disk, use that, otherwise you're
presumably [1] going to be limited to how fast you can scribble the
packets to your disks. Figure out the fastest you can do that, and
then use dummynet to limit your network bandwidth to what your system
is capable of capturing...
--
-Chuck
[1]: If you're capturing all of the packets, your PCAP expression
shouldn't require much work to process, so you shouldn't be using a
ton of CPU...
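
The sizing step suggested in the reply above, as an added example that is not part of the original message: it measures sequential write speed, converts it to a wire rate, and prints the dummynet and tcpdump commands for review. Pipe number 1, rule number 100, the 20% headroom, the 600-byte average packet size and the file names are assumptions.

```shell
#!/bin/sh
# Added example: size a dummynet pipe to what the capture disk can absorb.
# Assumed, not from the post: pipe 1, rule 100, 20% headroom, 600-byte
# average packet, and the interface/directory passed on the command line.

PCAP_REC_HDR=16   # a pcap file stores a 16-byte record header per packet

# measure_disk_kb DIR MB -> sequential write rate to DIR in KB/s
measure_disk_kb() {
    t0=$(date +%s)
    dd if=/dev/zero of="$1/.capture-bwtest" bs=1048576 count="$2" 2>/dev/null
    sync
    t1=$(date +%s)
    rm -f "$1/.capture-bwtest"
    secs=$(( t1 - t0 ))
    [ "$secs" -gt 0 ] || secs=1      # avoid dividing by zero on fast disks
    echo $(( $2 * 1024 / secs ))
}

# pipe_kbit DISK_KB_PER_SEC AVG_PKT_BYTES HEADROOM_PCT -> wire rate in Kbit/s
# A packet of P bytes costs P+16 bytes on disk, so small packets lower the
# wire rate the disk can sustain; headroom covers other disk activity.
pipe_kbit() {
    echo $(( $1 * $2 / ($2 + PCAP_REC_HDR) * (100 - $3) / 100 * 8 ))
}

# emit_rules KBIT IFACE FILE -> prints the commands to review and run as root
emit_rules() {
    echo "ipfw pipe 1 config bw ${1}Kbit/s"
    echo "ipfw add 100 pipe 1 ip from any to any via $2"
    echo "tcpdump -i $2 -s 0 -w $3"
}

# Usage: sh capture-limit.sh IFACE CAPTURE_DIR
if [ "$#" -eq 2 ]; then
    rate=$(measure_disk_kb "$2" 256)
    emit_rules "$(pipe_kbit "$rate" 600 20)" "$1" "$2/capture.pcap"
fi
```

The single pipe covers both directions on the interface, so the limit applies to the combined in and out traffic that the capture has to write.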