From owner-freebsd-net@FreeBSD.ORG Mon Apr 28 09:02:58 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A3B841065672 for ; Mon, 28 Apr 2008 09:02:58 +0000 (UTC) (envelope-from dudu@dudu.ro) Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.188]) by mx1.freebsd.org (Postfix) with ESMTP id 47DF48FC17 for ; Mon, 28 Apr 2008 09:02:58 +0000 (UTC) (envelope-from dudu@dudu.ro) Received: by fk-out-0910.google.com with SMTP id b27so7106210fka.11 for ; Mon, 28 Apr 2008 02:02:57 -0700 (PDT) Received: by 10.82.145.7 with SMTP id s7mr3453677bud.81.1209373376095; Mon, 28 Apr 2008 02:02:56 -0700 (PDT) Received: by 10.82.185.8 with HTTP; Mon, 28 Apr 2008 02:02:56 -0700 (PDT) Message-ID: Date: Mon, 28 Apr 2008 12:02:56 +0300 From: "Vlad GALU" To: Ganbold In-Reply-To: <4815919A.5070607@micom.mng.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <48154EA2.6070105@micom.mng.net> <4815919A.5070607@micom.mng.net> Cc: freebsd-net@freebsd.org Subject: Re: capturing packets on 250mb link X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Apr 2008 09:02:58 -0000 On 4/28/08, Ganbold wrote: > Vlad, > > > Vlad GALU wrote: > > > On 4/28/08, Ganbold wrote: > > > > > > > Hi all, > > > > > > What is the best way to capture packets on 250mb link? > > > What kernel features/modules or tools (less CPU/RAM overhead) should I > use? > > > > > > > > > > Given your OS version, I'd say that setting the BPF buffer size to > > around 1MB and setting the monitor flag on the capture interface would > > give you very good results. In that combination we've been doing > > packtet capture at gigabit speeds without packet loss. > > > > > > Thanks Vlad. So then it means something like following will work in our > case: > > #sysctl net.bpf.bufsize: 1048576 > #ifconfig bge1 monitor up > #tcpdump -i bge1 -s0 -w capture.log -C 2048 -W 100 > > Correct me if I'm wrong here. Yes, it should do the job. However I can't understand why you want a snaplen of 0, as 68 should be the minimum to accomodate the ethernet+ip+tcp/udp headers. > > thanks, > > Ganbold > > > > > > > > > > I have FreeBSD 7.0-STABLE machine ( > > > CPU: Intel(R) Xeon(TM) CPU 2.80GHz (2822.51-MHz 686-class CPU), > > > FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs > > > 1GM RAM, ad2: 76319MB at ata1-master > SATA150). > > > > > > #uname -an > > > FreeBSD ng1.micom.mng.net 7.0-STABLE FreeBSD 7.0-STABLE #3: Sat Apr 26 > > > 14:08:06 ULAT 2008 tsgan@ng1.micom.mng.net:/usr/obj/usr/src/sys/NG > i386 > > > > > > #pciconf -lv|more > > > ... > > > bge0@pci0:2:0:0: class=0x020000 card=0x1659103c chip=0x165914e4 > > > rev=0x11 hdr=0x00 > > > vendor = 'Broadcom Corporation' > > > device = 'BCM5721 NetXtreme Gigabit Ethernet PCI Express' > > > class = network > > > subclass = ethernet > > > ... > > > > > > Are there any considerations on hardware? > > > > > > thanks in advance, > > > > > > Ganbold > > > > > > -- > > > Cats, no less liquid than their shadows, offer no angles to the wind. > > > > > > _______________________________________________ > > > freebsd-net@freebsd.org mailing list > > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > > To unsubscribe, send any mail to > > > "freebsd-net-unsubscribe@freebsd.org" > > > > > > > > > > > > > > > > > > > > -- > Look out! Behind you! > -- ~/.signature: no such file or directory