Hello all,

I'm currently doing packet capturing on a FreeBSD 7.0 system. I was actually running my own pcap-based program but found the performance was very bad when I added a simple filter such as "ip". So I tested tcpdump on the same machine. It turned out that the performance of tcpdump without a filter expression is reasonably good, but becomes unacceptable when applying an "ip" filter. I guess it must have something to do with libpcap 0.9.8.

Below are some results I got. The version on the machine is tcpdump 3.9.8 with libpcap 0.9.8.

1. tcpdump without filter:

# tcpdump -i em1 -s 1500 -w dump.dat
433145 packets captured
448830 packets received by filter
0 packets dropped by kernel

2. tcpdump with filter:

# tcpdump -i em1 -s 1500 -w dump.dat ip
3984 packets captured
1091656 packets received by filter
0 packets dropped by kernel

Interestingly, on an older FreeBSD 6.0 system with tcpdump 3.9.1 and libpcap 0.9.1, the performance of tcpdump with filter is much better than the other, being able to capture 80% of the packets received by filter.

Can anybody shed some light on this problem?

Thank you very much!

Lei