From owner-freebsd-net@FreeBSD.ORG Mon Apr 28 09:05:47 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 210541065686 for ; Mon, 28 Apr 2008 09:05:47 +0000 (UTC) (envelope-from dudu@dudu.ro) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.157]) by mx1.freebsd.org (Postfix) with ESMTP id B83198FC25 for ; Mon, 28 Apr 2008 09:05:46 +0000 (UTC) (envelope-from dudu@dudu.ro) Received: by fg-out-1718.google.com with SMTP id 16so5671717fgg.35 for ; Mon, 28 Apr 2008 02:05:45 -0700 (PDT) Received: by 10.82.107.3 with SMTP id f3mr3447878buc.87.1209373545338; Mon, 28 Apr 2008 02:05:45 -0700 (PDT) Received: by 10.82.185.8 with HTTP; Mon, 28 Apr 2008 02:05:45 -0700 (PDT) Message-ID: Date: Mon, 28 Apr 2008 12:05:45 +0300 From: "Vlad GALU" To: Ganbold In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <48154EA2.6070105@micom.mng.net> <4815919A.5070607@micom.mng.net> Cc: freebsd-net@freebsd.org Subject: Re: capturing packets on 250mb link X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Apr 2008 09:05:47 -0000 On 4/28/08, Vlad GALU wrote: > On 4/28/08, Ganbold wrote: > > Vlad, > > > > > > Vlad GALU wrote: > > > > > On 4/28/08, Ganbold wrote: > > > > > > > > > > Hi all, > > > > > > > > What is the best way to capture packets on 250mb link? > > > > What kernel features/modules or tools (less CPU/RAM overhead) should I > > use? > > > > > > > > > > > > > > Given your OS version, I'd say that setting the BPF buffer size to > > > around 1MB and setting the monitor flag on the capture interface would > > > give you very good results. In that combination we've been doing > > > packtet capture at gigabit speeds without packet loss. > > > > > > > > > > Thanks Vlad. So then it means something like following will work in our > > case: > > > > #sysctl net.bpf.bufsize: 1048576 > > #ifconfig bge1 monitor up > > #tcpdump -i bge1 -s0 -w capture.log -C 2048 -W 100 > > > > Correct me if I'm wrong here. > > > > Yes, it should do the job. However I can't understand why you want > a snaplen of 0, as 68 should be the minimum to accomodate the > ethernet+ip+tcp/udp headers. > Ah, I should have RTFM before. -- cut here -- Setting snaplen to 0 means use the required length to catch whole packets. -- and here -- > > > > > thanks, > > > > Ganbold > > > > > > > > > > > > > > > > I have FreeBSD 7.0-STABLE machine ( > > > > CPU: Intel(R) Xeon(TM) CPU 2.80GHz (2822.51-MHz 686-class CPU), > > > > FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs > > > > 1GM RAM, ad2: 76319MB at ata1-master > > SATA150). > > > > > > > > #uname -an > > > > FreeBSD ng1.micom.mng.net 7.0-STABLE FreeBSD 7.0-STABLE #3: Sat Apr 26 > > > > 14:08:06 ULAT 2008 tsgan@ng1.micom.mng.net:/usr/obj/usr/src/sys/NG > > i386 > > > > > > > > #pciconf -lv|more > > > > ... > > > > bge0@pci0:2:0:0: class=0x020000 card=0x1659103c chip=0x165914e4 > > > > rev=0x11 hdr=0x00 > > > > vendor = 'Broadcom Corporation' > > > > device = 'BCM5721 NetXtreme Gigabit Ethernet PCI Express' > > > > class = network > > > > subclass = ethernet > > > > ... > > > > > > > > Are there any considerations on hardware? > > > > > > > > thanks in advance, > > > > > > > > Ganbold > > > > > > > > -- > > > > Cats, no less liquid than their shadows, offer no angles to the wind. > > > > > > > > _______________________________________________ > > > > freebsd-net@freebsd.org mailing list > > > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > > > To unsubscribe, send any mail to > > > > "freebsd-net-unsubscribe@freebsd.org" > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > Look out! Behind you! > > > > > > -- > ~/.signature: no such file or directory > -- ~/.signature: no such file or directory