Chuck Swiger wrote:
Check sysctl debug.bpf_bufsize, but also do a search on this because there may be a patch needed for PCAP in order for buffers larger than 32K to actually work. 
Hmmm.... sysctl debug.bpf_bufsize sysctl: unknown oid 'debug.bpf_bufsize' sysctl -a | grep bufsize net.bpf.maxbufsize: 524288 net.bpf.bufsize: 4096I assume bufsize is the default? And maxbufsize is as high as it can go? So it defaults to 4 megs and maxes out at 512 megs? If true, how would I go about calculating a sufficiently large maxbufsize? If I have approximate 150Mbps traffic, how much has to be held in the buffer?
-- Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Description: S/MIME Cryptographic Signature