Date: Fri, 8 Dec 2000 00:50:09 -0800 From: Guy Harris <gharris@flashcom.net> To: Alfred Perlstein <bright@wintelcom.net> Cc: Dragos Ruiu <dr@kyx.net>, tcpdump-workers@tcpdump.org, freebsd-hackers@FreeBSD.ORG, winpcap@netgroup-serv.polito.it Subject: Re: [tcpdump-workers] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!? Message-ID: <20001208005009.B352@quadrajet.flashcom.com> In-Reply-To: <20001207215142.H16205@fw.wintelcom.net>; from bright@wintelcom.net on Thu, Dec 07, 2000 at 09:51:42PM -0800 References: <0012072118150Q.09615@smp.kyx.net> <20001207215142.H16205@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 07, 2000 at 09:51:42PM -0800, Alfred Perlstein wrote: > I'm very curious how they managed to run "windump" on FreeBSD. Presumably they're referring to tcpdump there, as per the first paragraph in "2. Tests": This Section aims at giving some indications about the performance of the capture process on various operating systems. Results obtained under the various Windows platforms have been compared with the ones provided by BPF/libpcap/TCPdump in FreeBSD 3.3 in order to determine the goodness of our implementation. > Honestly, it really looks like the fault lies with the way tcpdump > writes to disk and not with FreeBSD. Perhaps. However, from my stracing of windump on NT 4 SP4 and trussing of tcpdump on FreeBSD 3.4, the only difference appears to be that tcpdump does 8K writes and windump does 4K writes.... Currently, I suspect that it lies with the BPF kernel buffer only being 32K; that's the most you can get on FreeBSD 3.x, but you can crank it up to 512KB on 4.x - libpcap on 4.x only sets it to 32K, though. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001208005009.B352>