Chuck Swiger wrote:

Check sysctl debug.bpf_bufsize, but also do a search on this because there may be a patch needed for PCAP in order for buffers larger than 32K to actually work. [1]

Hmmm....

sysctl debug.bpf_bufsize
sysctl: unknown oid 'debug.bpf_bufsize'

sysctl -a | grep bufsize
net.bpf.maxbufsize: 524288
net.bpf.bufsize: 4096

I assume bufsize is the default? And maxbufsize is as high as it can go? So it defaults to 4 megs and maxes out at 512 megs? If true, how would I go about calculating a sufficiently large maxbufsize? If I have approximate 150Mbps traffic, how much has to be held in the buffer?

--
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to