Hello netsniff-ng team! We recently discovered an issue with the default scatter-gather I/O: https://groups.google.com/d/topic/security-onion-testing/OuD7xt7nQuI/discussion
Questions: - Is it expected behavior for the default scatter-gather mode to wait several minutes before writing packets to disk if on a low-traffic network? - We're working around this by setting the "-c" option to disable scatter-gather mode when running on low-traffic networks. Is this the best workaround? - Is scatter-gather mode dependent on scatter-gather being enabled on the NIC? We currently disable NIC offloading features like this: post-up for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done Thanks! -- Doug Burks http://securityonion.blogspot.com --
