I'm confused as to what is required for libpcap to use PF_RING. Most of the
hits I have seen while searching for this are ancient and refer to libpcap
0.8. Can anyone please provide a link or summarize what must be done for
libpcap to use PF_RING on a relatively modern Linux x86_64 system. I am in
On Thu, Aug 30, 2012 at 2:04 PM, Jakub Zawadzki
darkjames...@darkjames.pl wrote:
On Thu, Aug 30, 2012 at 11:10:02AM -0700, Jim Lloyd wrote:
I'm confused as to what is required for libpcap to use PF_RING. Most of the
hits I have seen while searching for this are ancient and refer to libpcap
You want some kind of port mirroring <http://en.wikipedia.org/wiki/Port_mirroring>.
On Mon, Nov 1, 2010 at 8:57 PM, Andrej van der Zee
andrejvander...@gmail.com wrote:
Hi,
I am looking for a solution that sniffs all HTTP traffic to the
load-balancer in a multi-tier web application, but
On Tue, Sep 14, 2010 at 5:48 AM, Alexander Dupuy alex.du...@mac.com wrote:
Jim Lloyd writes:
These duplicate packets cannot be unique packets that were retransmitted
between the two machines on the layer 1 GigE link, because if there was a
significant increase in retransmission duplicates
in the worker threads. We do have cross-checks to ensure that the
total packet rate seen by the worker threads is consistent with the packet
rate seen by the main thread.
Thanks,
Jim Lloyd
Silver Tail Systems
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
On Wed, Aug 25, 2010 at 2:14 AM, Guy Harris g...@alum.mit.edu wrote:
On Aug 23, 2010, at 3:54 PM, Jim Lloyd wrote:
What is the relationship between the socket receive buffer and the
mmap buffer? Does the mmap buffer replace the socket receive buffer,
Yes.
Cool.
I currently have my
On Sun, Aug 22, 2010 at 11:44 PM, Guy Harris g...@alum.mit.edu wrote:
On Aug 21, 2010, at 3:30 PM, Jim Lloyd wrote:
I have tested with the above logic while sniffing traffic on a GigE ethernet
NIC (eth0) and on the loopback device (lo). The test machine is an 8-core
Opteron with 32Gb
. However, I wouldn't be
surprised if this is due to my TCP reconstruction code failing to handle
some rare corner case that happens with real TCP packets but does not happen
with loopback.
Thanks in advance for any insights.
Thanks,
Jim Lloyd
On Thu, Mar 18, 2010 at 7:33 AM, Eloy Paris pe...@chapus.net wrote:
On 03/17/10 18:45, Guy Harris wrote:
On Mar 17, 2010, at 10:54 AM, Jim Lloyd wrote:
I've done some experimentation and determined that apparently I
must call pcap_activate before calling pcap_setfilter.
Yes
On Tue, Mar 16, 2010 at 4:40 PM, Jim Lloyd jll...@silvertailsystems.com wrote:
I have a working application using libpcap that doesn't always filter as I
expect. The application is designed to sniff http traffic, so the filter can
be as simple as tcp port 80. However, we allow sniffing multiple
and install the filter. Is there
any way to determine if a filter is being ignored?
Thanks,
Jim Lloyd
Silver Tail Systems
On Sat, Feb 27, 2010 at 5:35 PM, Dustin Spicuzza dus...@virtualroadside.com
wrote:
Jim Lloyd wrote:
Over the last couple months we have developed and deployed into a production
environment an application using libpcap, where we sniff upwards of 350Mbps
of HTTP traffic arriving via
to handle lower throughput under
valgrind, but it is bothersome that I don't seem to have any way for pcap to
tell me that it can't keep up.
Is this expected behavior, or is there something I am overlooking?
Thanks,
Jim Lloyd
Principal Architect
Silver Tail Systems