From owner-freebsd-net@FreeBSD.ORG Mon Apr 28 08:58:06 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 3B6A5106566B
for <freebsd-net@freebsd.org>; Mon, 28 Apr 2008 08:58:06 +0000 (UTC)
(envelope-from ganbold@micom.mng.net)
Received: from publicd.ub.mng.net (publicd.ub.mng.net [202.179.0.88])
by mx1.freebsd.org (Postfix) with ESMTP id E7F838FC0A
for <freebsd-net@freebsd.org>; Mon, 28 Apr 2008 08:58:05 +0000 (UTC)
(envelope-from ganbold@micom.mng.net)
Received: from [202.179.0.164] (helo=daemon.micom.mng.net)
by publicd.ub.mng.net with esmtpa (Exim 4.69 (FreeBSD))
(envelope-from <ganbold@micom.mng.net>)
id 1JqPBS-0001u6-T7; Mon, 28 Apr 2008 16:58:02 +0800
Message-ID: <4815919A.5070607@micom.mng.net>
Date: Mon, 28 Apr 2008 16:58:02 +0800
From: Ganbold <ganbold@micom.mng.net>
User-Agent: Thunderbird 2.0.0.12 (X11/20080304)
MIME-Version: 1.0
To: Vlad GALU <dudu@dudu.ro>
References: <48154EA2.6070105@micom.mng.net>
<ad79ad6b0804280101t12ccc191g3d4fe3e4ff2a7427@mail.gmail.com>
In-Reply-To: <ad79ad6b0804280101t12ccc191g3d4fe3e4ff2a7427@mail.gmail.com>
X-Enigmail-Version: 0.95.6
OpenPGP: id=78F6425E
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: capturing packets on 250mb link
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Apr 2008 08:58:06 -0000
Vlad,
Vlad GALU wrote:
> On 4/28/08, Ganbold <ganbold@micom.mng.net> wrote:
>
>> Hi all,
>>
>> What is the best way to capture packets on 250mb link?
>> What kernel features/modules or tools (less CPU/RAM overhead) should I use?
>>
>
> Given your OS version, I'd say that setting the BPF buffer size to
> around 1MB and setting the monitor flag on the capture interface would
> give you very good results. In that combination we've been doing
> packtet capture at gigabit speeds without packet loss.
>
Thanks Vlad. So then it means something like following will work in our
case:
#sysctl net.bpf.bufsize: 1048576
#ifconfig bge1 monitor up
#tcpdump -i bge1 -s0 -w capture.log -C 2048 -W 100
Correct me if I'm wrong here.
thanks,
Ganbold
>
>> I have FreeBSD 7.0-STABLE machine (
>> CPU: Intel(R) Xeon(TM) CPU 2.80GHz (2822.51-MHz 686-class CPU),
>> FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
>> 1GM RAM, ad2: 76319MB <Maxtor 6L080M0 BANC1G10> at ata1-master SATA150).
>>
>> #uname -an
>> FreeBSD ng1.micom.mng.net 7.0-STABLE FreeBSD 7.0-STABLE #3: Sat Apr 26
>> 14:08:06 ULAT 2008 tsgan@ng1.micom.mng.net:/usr/obj/usr/src/sys/NG i386
>>
>> #pciconf -lv|more
>> ...
>> bge0@pci0:2:0:0: class=0x020000 card=0x1659103c chip=0x165914e4
>> rev=0x11 hdr=0x00
>> vendor = 'Broadcom Corporation'
>> device = 'BCM5721 NetXtreme Gigabit Ethernet PCI Express'
>> class = network
>> subclass = ethernet
>> ...
>>
>> Are there any considerations on hardware?
>>
>> thanks in advance,
>>
>> Ganbold
>>
>> --
>> Cats, no less liquid than their shadows, offer no angles to the wind.
>>
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to
>> "freebsd-net-unsubscribe@freebsd.org"
>>
>>
>
>
>
--
Look out! Behind you!���