On Sat, Sep 15, 2001 at 12:47:12PM +0430, Mehdi Kianpour wrote:
> In the paper titled: Development of an Architecture for Packet Capture
> and Network Traffic Analysis found in
> http://netgroup-serv.polito.it/winpcap/docs/default.htm the author
> counts some advantages of wpcap over libpcap.

Libpcap and WinPcap are best thought of as a layer atop a native packet
capture mechanism, providing a platform-independent interface to the
different capture mechanisms provided on different platforms.

As such, the performance comparison section is more of a comparison of
the FreeBSD version of BPF and the WinPcap driver - and also of the file
systems and I/O mechanisms of FreeBSD and various versions of Windows,
as, in the third test, the captured packets were written to a file.

The results of the comparison might be different if libpcap is tested on
a different flavor of UNIX; it might be interesting to see what happens
on, for example, a Linux system with a 2.2 or later kernel and with
socket filtering enabled (so that the filter is evaluated in the kernel
on both platforms, and packets that don't pass the filter aren't copied
up to userland), or on OpenBSD (which has some changes to BPF that might
make a difference).

> For example, it's said
> that windump will work better than tcpdump in bursty traffic. Do you
> believe in these claims? Although I've tested this and it doesn't seem
> to be true.

What were the tests you did, on what OSes did you run your tests, and
what were the results?
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html