1- why does tcpdump don't get the same amount of packets as a regularKeep in mind that Sniffer's Distributed and Portable (dolch-based) boxes perform gigabit capture to a memory buffer *on the gigabit card itself*. The card is actually running quite a bit of Sniffer code, including performing packet filtering, expert analysis, and statistical calculation functions within ASICs on the card. The packets never pass across the bus until after you stop the capture (which transfers extremely slowly). You're not comparing apples-to-apples here.
sniffer (Dolch for instance) I am using one of the best gigabit card on the
market I should get the same result. BTW the altheon card can be driven to
wire speed, I saw it on an Auspex.
However, Sniffer's Infinistream product is able to capture packets *to disk* at near- full-duplex gigabit speeds without dropping packets with what is essentially high-end PC hardware, and Niksun's and NI's latest offerings allow half-duplex gigabit-rate data capture to system RAM without packet drops using essentially off-the-shelf PC parts, so I'd imagine what you're trying to do wouldn't necessarily be a *hardware* bottleneck.
I'm not sure that I can offer much advice here, but I'm curious - can you provide more details on the hardware and throughput/packet rates that you were using during your test?
Ian
