From owner-freebsd-net@FreeBSD.ORG  Sat Mar 25 09:16:23 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A341716A401
	for <freebsd-net@freebsd.org>; Sat, 25 Mar 2006 09:16:23 +0000 (UTC)
	(envelope-from regnauld@moof.catpipe.net)
Received: from moof.catpipe.net (moof.catpipe.net [195.249.214.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3123543D45
	for <freebsd-net@freebsd.org>; Sat, 25 Mar 2006 09:16:23 +0000 (GMT)
	(envelope-from regnauld@moof.catpipe.net)
Received: from localhost (localhost [127.0.0.1])
	by localhost.catpipe.net (Postfix) with ESMTP
	id 3974C1B3DC; Sat, 25 Mar 2006 10:16:21 +0100 (CET)
Received: from moof.catpipe.net ([127.0.0.1])
	by localhost (moof.catpipe.net [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 96852-05; Sat, 25 Mar 2006 10:16:19 +0100 (CET)
Received: by moof.catpipe.net (Postfix, from userid 1001)
	id A4ED01B398; Sat, 25 Mar 2006 10:16:19 +0100 (CET)
Date: Sat, 25 Mar 2006 10:16:19 +0100
From: Phil Regnauld <regnauld@catpipe.net>
To: Charles Swiger <cswiger@mac.com>
Message-ID: <20060325091619.GA96723@moof.catpipe.net>
References: <944074f30603241446i33f5eb26p187b2d7ff23d73de@mail.gmail.com>
	<A636D985-E160-46D1-B6EA-4C868B7A88AF@mac.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <A636D985-E160-46D1-B6EA-4C868B7A88AF@mac.com>
X-Operating-System: FreeBSD 4.8-STABLE i386
Organization: catpipe Systems ApS
User-Agent: Mutt/1.5.6i
X-Virus-Scanned: amavisd-new at catpipe.net
Cc: Paul Haddad <paul.haddad@gmail.com>, freebsd-net@freebsd.org
Subject: Re: Non dropping packet monitor
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Mar 2006 09:16:23 -0000

Charles Swiger (cswiger) writes:
> >
> >Any suggestions?  Is there some pcap option that I need to look at?
> 
> If your dumps will fit into a RAM disk, use that, otherwise you're  
> presumably [1] going to be limited to how fast you can scribble the  
> packets to your disks.  Figure out the fastest you can do that, and  
> then use dummynet to limit your network bandwidth to what your system  
> is capable of capturing...

	I seem to remember that IPFlter has a facility for logging
	packets where it's possible to deny forwarding of packets
	if the process reading the logging socket has disappeared
	or isn't reading fast enough.  Am I wrong ?

	Phil