[Ian Schorr <spamcontrol2@xxxxxxxxxxx>]

I've posted on this near the beginning of the year, but in testing I  
did at the time I was getting capture rates of around 45MB/s *to disk*  
with relatively modest hardware (i.e. $1000-$1400 of parts, including  
gig NIC), though packet drops didn't occur at a ceiling, they seemed to  
scale and slowly get worse as I increased data, starting at around  
15MB/s.

I imagine pinpointing the source of my drops and coming up with a more  
capable disk subsystem, I'd probably be able to capture data at  
significantly higher disks.

I did no performance testing to an in-RAM buffer or RAM disk.  I did do  
some Linux capture tests to /dev/null, though I'm ignoring those  
results for the time being.

(How much capture buffer do those new 10Gb NICs have?  I remember  
thinking they were going to handle up to 1GB, though no one seemed to  
understand why I was concerned that it'd only be able to capture less  
than a second's worth of traffic at line rate...)

Ian

On Oct 7, 2003, at 10:58 PM, Eichert, Diana wrote:

> Yeah, I didn't mention the distributed aspect of DS as it didn't
> seem like it was this guys problem.
>
> We just got in one of the 10Gb Sniffer boxes at work the other
> day.  Pushing packets through it with a Spirent Smartbits
> tester we were able to capture at almost line rate.  Of course
> you can't do that very long as it fills up the memory buffer.
>
> One of the things I saw with NAI Sniffer was their lower dropped
> packet rates on a high usage GigE interface because they provide
> custom drivers for the NICs they support.  I added a "-q" switch
> to tethereal to help with this issue, it was incorporated into
> ethereal on 3/22/2002.
> http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/tethereal.c.diff? 
> r1=1.1
> 32&r2=1.133
> I never got around to modifying the Ethereal GUI to support
> "quiet" operation during capture.  Tethereal is good enough for
> my needs.
>
> I'm curious to know what's the best capture rate anyone has seen
> with Ethereal using fullsize snaplength and real world packet sizes?
>
> diana
>
> -----Original Message-----
> From: Ian Schorr
> To: Eichert, Diana
> Cc: ethereal-dev@xxxxxxxxxxxx
> Sent: 10/7/2003 8:04 PM
> Subject: Re: [Ethereal-dev] RE: What features does DS have that  
> Ethereal
> lacks ..
>
> The specific feature that DS provides versus other versions of Sniffer
> is a distributed control mechanism.  Essentially an "Agent" is loaded
> onto a series of, usually rackmounted, probes.  These agents can be
> remotely controlled using Sniffer's console software, which provides
> the normal Sniffer pretty front-end.  The agent pushes host list,
> packet data (while browsing a packet list), status and statistical data
> back to the console.
>
> Otherwise it's essentially a less-well-maintained instance of Sniffer
> Pro, and has its same advantages (hugely better interface speed when
> performing actions and somewhat intuitive interface, mostly) and
> disadvantages (terrible expert module, mediocre decodes, data
> pattern/offset filtering, etc).
>
> Ian
>
> On Oct 7, 2003, at 8:49 PM, Eichert, Diana wrote:
>
> > Richard
> >
> > I'm on the way out the door for the day.  I'll reply with more
> > detail tomorrow.  However for immediacy "expert" mode gives you
> > annotated comment like "too many retries", "late replies", ...
> > etc.  Pretty graphics with conversation pairs functionality
> > that etherape tries to duplicate.
> >
> > I'm not running the latest version of Ethereal here, it's a
> > least a version from some time in the spring, so it's possible
> > the developers have added some graphical representations
> > capabilities that I'm not aware of.  I seem to recall some
> > traffic here about that.
> >
> > diana
> >
> > -----Original Message-----
> > From: Richard Sharpe [mailto:rsharpe@xxxxxxxxxxxxxxxxx]
> > Sent: Tuesday, October 07, 2003 6:22 PM
> > To: Eichert, Diana
> > Cc: ethereal-dev@xxxxxxxxxxxx
> > Subject: What features does DS have that Ethereal lacks ..
> >
> >
> > Thanks for the reply to the original question.
> >
> > What features does DS have that Ethereal lacks?
> >
> > Regards
> > -----
> > Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
> > sharpe[at]ethereal.com, http://www.richardsharpe.com
> >
> >
> > _______________________________________________
> > Ethereal-dev mailing list
> > Ethereal-dev@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev