From owner-freebsd-net@FreeBSD.ORG  Mon Apr 28 08:58:06 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3B6A5106566B
	for <freebsd-net@freebsd.org>; Mon, 28 Apr 2008 08:58:06 +0000 (UTC)
	(envelope-from ganbold@micom.mng.net)
Received: from publicd.ub.mng.net (publicd.ub.mng.net [202.179.0.88])
	by mx1.freebsd.org (Postfix) with ESMTP id E7F838FC0A
	for <freebsd-net@freebsd.org>; Mon, 28 Apr 2008 08:58:05 +0000 (UTC)
	(envelope-from ganbold@micom.mng.net)
Received: from [202.179.0.164] (helo=daemon.micom.mng.net)
	by publicd.ub.mng.net with esmtpa (Exim 4.69 (FreeBSD))
	(envelope-from <ganbold@micom.mng.net>)
	id 1JqPBS-0001u6-T7; Mon, 28 Apr 2008 16:58:02 +0800
Message-ID: <4815919A.5070607@micom.mng.net>
Date: Mon, 28 Apr 2008 16:58:02 +0800
From: Ganbold <ganbold@micom.mng.net>
User-Agent: Thunderbird 2.0.0.12 (X11/20080304)
MIME-Version: 1.0
To: Vlad GALU <dudu@dudu.ro>
References: <48154EA2.6070105@micom.mng.net>
	<ad79ad6b0804280101t12ccc191g3d4fe3e4ff2a7427@mail.gmail.com>
In-Reply-To: <ad79ad6b0804280101t12ccc191g3d4fe3e4ff2a7427@mail.gmail.com>
X-Enigmail-Version: 0.95.6
OpenPGP: id=78F6425E
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: capturing packets on 250mb link
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Apr 2008 08:58:06 -0000

Vlad,


Vlad GALU wrote:
> On 4/28/08, Ganbold <ganbold@micom.mng.net> wrote:
>   
>> Hi all,
>>
>>  What is the best way to capture packets on 250mb link?
>>  What kernel features/modules or tools (less CPU/RAM overhead) should I use?
>>     
>
>     Given your OS version, I'd say that setting the BPF buffer size to
> around 1MB and setting the monitor flag on the capture interface would
> give you very good results. In that combination we've been doing
> packtet capture at gigabit speeds without packet loss.
>   

Thanks Vlad. So then it means something like following will work in our 
case:

#sysctl net.bpf.bufsize: 1048576
#ifconfig bge1 monitor up
#tcpdump -i bge1 -s0 -w capture.log -C 2048 -W 100

Correct me if I'm wrong here.

thanks,

Ganbold


>   
>>  I have FreeBSD 7.0-STABLE machine (
>>  CPU: Intel(R) Xeon(TM) CPU 2.80GHz (2822.51-MHz 686-class CPU),
>>  FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
>>  1GM RAM, ad2: 76319MB <Maxtor 6L080M0 BANC1G10> at ata1-master SATA150).
>>
>>  #uname -an
>>  FreeBSD ng1.micom.mng.net 7.0-STABLE FreeBSD 7.0-STABLE #3: Sat Apr 26
>> 14:08:06 ULAT 2008     tsgan@ng1.micom.mng.net:/usr/obj/usr/src/sys/NG  i386
>>
>>  #pciconf -lv|more
>>  ...
>>  bge0@pci0:2:0:0:        class=0x020000 card=0x1659103c chip=0x165914e4
>> rev=0x11 hdr=0x00
>>    vendor     = 'Broadcom Corporation'
>>    device     = 'BCM5721 NetXtreme Gigabit Ethernet PCI Express'
>>    class      = network
>>    subclass   = ethernet
>>  ...
>>
>>  Are there any considerations on hardware?
>>
>>  thanks in advance,
>>
>>  Ganbold
>>
>>  --
>>  Cats, no less liquid than their shadows, offer no angles to the wind.
>>
>>  _______________________________________________
>>  freebsd-net@freebsd.org mailing list
>>  http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>  To unsubscribe, send any mail to
>> "freebsd-net-unsubscribe@freebsd.org"
>>
>>     
>
>
>   


-- 
Look out! Behind you!