hi guys,
i'm stucked with a confusing problem. i'm trying to dump gigabit network
traffic
to file. i'm using Debian5.0.3 AMD64 on an HP Proliant DL360 G5 (2*Quad-Core
2.33 hz - 4GiB RAM - 2*76GiB HardDisk). but whatever i try, even at 600Mbps
rate, i got a huge packet-drop.
*) i tried both tcpdump (1.1.1) && dumpcap (1.4.3) : (got similar results)
- dumpcap -i eth0 -w /dump_folder/dump.pcap [-b filesize:150000] -s 0
- tcpdump -i eth0 -w /dump_folder/dump.pcap -s 0
*) i tried recompiling those two, with different libpcap versions (0.9.8 has
best result, and i tried 1.0 and .1.1.1)
*) i tried playing with kernel parameters:
net.core.rmem_default = 40971510
net.core.rmem_max = 40971510
net.core.wmem_default = 40971510
net.core.wmem_max = 40971510
net.core.netdev_max_backlog = 300000
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.core.optmem_max = 2048000
....
*) i even tried writing on different disks (SDD, RamDisk): no change in results.
-----------------------------------------------------------------------------------------
the result is not good at all. these are my tests and results:
* iperf server: iperf -s -u 5
* iperf client : iperf -c ... -u -b 600m -t 10000
for dumping traffic at 600Mbps for 150 seconds, this is the best result i had
so
far:
total received packets: ~8,000,000
dropped packets: ~3,500,000
so my best result is more than 40% packet-drop, which is a disaster.
can anyone help me with this? any suggestions? am i doing something terribly
wrong?
thank you.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
