Long Le wrote: > > Hi all, > > Does anyone have tips (other than increasing bpf size) for taking > tcpdump traces on a fairly high-speed link (say, 1-Gbps link) > without dropping too many packets?
Well, certainly, one has to have a disc subsystem that is as fast or faster than the data rate of the link. I suppose that using async, direct I/O might have some benefits - help keep the tcpdump process from blocking on a disc write when/if it manages to fill the buffer cache. But ultimately, the sustained rate of the trace has to be below the ustained limit of the disc/filesystem. If you were doing full 1514 byte snaplens, that means having a disc subsystem that can sustain ~125 MB/s... rick jones -- Wisdom Teeth are impacted, people are affected by the effects of events. these opinions are mine, all mine; HP might not want them anyway... :) feel free to post, OR email to raj in cup.hp.com but NOT BOTH... - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request@;tcpdump.org?body=unsubscribe
