Packet sniffer tweaks.
strgout at unixjunkie.com
Wed May 28 12:36:19 PDT 2003
So does anyone have any tips for creating a good packet sniffer system
for something like snort or maybe ntop? I know irq usage is going to be high
(like around 2-4k/s) per interface, so would that lead me to using polling?
I'm also using fxp cards and found the link0 should help reduce the interrupt
load on the cpu. So should this be used (with|instead of) polling etc etc.
btw i also found these sysctl vals.
Any input would be great, thanks!
More information about the freebsd-performance