Packet sniffer tweaks.

John strgout at
Wed May 28 12:36:19 PDT 2003

So does anyone have any tips for creating a good packet sniffer system 
for something like snort or maybe ntop? I know irq usage is going to be high
(like around 2-4k/s) per interface, so would that lead me to using polling?
I'm also using fxp cards and found the link0 should help reduce the interrupt 
load on the cpu. So should this be used (with|instead of) polling etc etc.
btw i also found these sysctl vals.

Any input would be great, thanks!

More information about the freebsd-performance mailing list