On Wed, 24 Jan 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <(E-Mail Removed)>, A wrote:
>A couple of years ago I setup a box to perform network monitoring.
>Somewhere in my readings on the subject I remember coming across a thing
>called "pf_ring" which I believe was a kernel patch which would allow
>for fewer dropped packets on a high bandwidth link.
When in doubt, your first stop should be any standard search engine.
Web Results 1 - 10 of about 14,700 for pf_ring. (0.29 seconds)
ntop - network top
PF_RING is a new type of network socket that dramatically improves the
packet ... PF_RING not only enables you to capture packets faster, it
also captures ...
www.ntop.org/PF_RING.html - 5k - Cached - Similar pages SourceForge.net:
Files
You have selected to download PF_RING Below is a list of releases and
files contained in this package. Before downloading, you may want to
read the Release ...
sourceforge.net/project/showfiles. php?group_id=17233&package_id=110128
- 20k - Cached - Similar pages RE: [Ntop-misc] PF_RING stuck
but you may want to look at some of the other pages below this on the
results list.
>Is this still best practice or is this no longer necessary? If I just
>use plain old libpcap is this adequate or are there some other advanced
>methods of avoiding packet loss?
Well, obviously, a lot is going to depend on your situation. How fast is
your network? 10 Megabit? 100? Gigabit? How big are the packets on
the wire? How big is the buffer on the NIC? How much traffic is on the
wire? How fast is your computer? What _else_ is it doing? (Running a
bloated GUI on the sniffer box probably isn't the best idea ever.) You
can get a quick measure by running tcpdump and looking to see how many
packets it reports dropping. Or you could kick the NIC into promiscuous
mode (man ifconfig) and then monitor the stats in the ifconfig output.
Old guy
Similar Threads
Linear Mode
