Date: Fri, 8 Dec 2000 00:50:09 -0800
From: Guy Harris
To: Alfred Perlstein
Cc: Dragos Ruiu, tcpdump-workers@tcpdump.org, freebsd-hackers@FreeBSD.ORG, winpcap@netgroup-serv.polito.it
Subject: Re: [tcpdump-workers] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?
Message-ID: <20001208005009.B352@quadrajet.flashcom.com>
References: <0012072118150Q.09615@smp.kyx.net> <20001207215142.H16205@fw.wintelcom.net>
In-Reply-To: <20001207215142.H16205@fw.wintelcom.net>; from bright@wintelcom.net on Thu, Dec 07, 2000 at 09:51:42PM -0800

On Thu, Dec 07, 2000 at 09:51:42PM -0800, Alfred Perlstein wrote:
> I'm very curious how they managed to run "windump" on FreeBSD.

Presumably they're referring to tcpdump there, as per the first
paragraph in "2. Tests":

	This Section aims at giving some indications about the
	performance of the capture process on various operating
	systems. Results obtained under the various Windows platforms
	have been compared with the ones provided by
	BPF/libpcap/TCPdump in FreeBSD 3.3 in order to determine the
	goodness of our implementation.

> Honestly, it really looks like the fault lies with the way tcpdump
> writes to disk and not with FreeBSD.

Perhaps. However, from my stracing of windump on NT 4 SP4 and trussing
of tcpdump on FreeBSD 3.4, the only difference appears to be that
tcpdump does 8K writes and windump does 4K writes....

Currently, I suspect that it lies with the BPF kernel buffer only being
32K; that's the most you can get on FreeBSD 3.x, but you can crank it up
to 512KB on 4.x - libpcap on 4.x only sets it to 32K, though.
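
Added example (not part of the original message, and not kernel or libpcap code): a toy model of BPF's store/hold double buffering, comparing the 32K and 512KB buffer sizes mentioned above while the capturing process is stalled, for instance in a disk write. The packet size, arrival pattern and stall window are constructed assumptions; the per-packet BPF header and read timeouts are ignored.

```python
"""Toy model of BPF store/hold double buffering (illustrative only)."""

# Constructed sample input: 1000 full-size Ethernet frames, one per tick,
# and a reader that cannot call read() during ticks 100..299.
PACKETS = [(tick, 1514) for tick in range(1000)]
STALLS = [(100, 300)]


def simulate(buf_len, packets=PACKETS, stalls=STALLS):
    """Return (captured, dropped) packet counts.

    buf_len -- size in bytes of EACH of the two kernel buffers
    packets -- list of (tick, caplen) arrivals, sorted by tick
    stalls  -- list of (start, end) tick ranges in which the reader is
               blocked and leaves the hold buffer unread
    """
    store = hold = 0            # bytes queued in each buffer
    captured = dropped = 0

    def reader_blocked(tick):
        return any(start <= tick < end for start, end in stalls)

    for tick, caplen in packets:
        # A reader that is not blocked empties the hold buffer in one read().
        if hold and not reader_blocked(tick):
            hold = 0
        if store + caplen > buf_len:
            if hold:
                # Store is full and hold is still unread: packet is dropped.
                dropped += 1
                continue
            # Rotate: the full store buffer becomes the hold buffer.
            hold, store = store, 0
        store += caplen
        captured += 1
    return captured, dropped


if __name__ == "__main__":
    for size in (32 * 1024, 512 * 1024):
        cap, drop = simulate(size)
        print(f"{size // 1024:4d}K buffers: captured={cap} dropped={drop}")
```

In this model the same 200-tick stall costs 174 packets with 32K buffers and none with 512KB buffers; for a sniffer or IDS sensor those drops are traffic that never reaches the capture file.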