Garrett D'Amore writes:
> > Yes, I believe the Wireshark case established that Wireshark should be
> > the long-term solution to replace snoop. For the reason stated above,
> > however, I don't think that can happen yet. In order for Wireshark to
> > be on par with snoop with regards to performance, we need an in-kernel
> > bpf that libpcap can take advantage of on Solaris (among other things).
> >
>
> Can Wireshark be changed to make use of the pfmod we have in Solaris?

Sure. It's likely a lot of work, though, and clearly out of scope for
this case.

--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
