Date: Wed, 28 May 2003 14:54:10 -0500
From: John
To: freebsd-performance@freebsd.org
Message-ID: <20030528195410.GA39339@mail.unixjunkie.com>
Subject: Packet sniffer tweaks.

So does anyone have any tips for creating a good packet sniffer system for something like snort or maybe ntop? I know IRQ usage is going to be high (like around 2-4k/s) per interface, so would that lead me to using polling?

I'm also using fxp cards and found that link0 should help reduce the interrupt load on the CPU. So should this be used (with|instead of) polling etc. etc.? BTW, I also found these sysctl vals:

    debug.bpf_bufsize
    debug.bpf_maxbufsize

Any input would be great, thanks!