On Nov 19, 2003, at 3:58 PM, Martin Heroux wrote:
1- why does tcpdump don't get the same amount of packets as a regular
sniffer (Dolch for instance) I am using one of the best gigabit card
on the
market I should get the same result. BTW the altheon card can be
driven to
wire speed, I saw it on an Auspex.
Keep in mind that Sniffer's Distributed and Portable (dolch-based)
boxes perform gigabit capture to a memory buffer *on the gigabit card
itself*. The card is actually running quite a bit of Sniffer code,
including performing packet filtering, expert analysis, and statistical
calculation functions within ASICs on the card. The packets never pass
across the bus until after you stop the capture (which transfers
extremely slowly). You're not comparing apples-to-apples here.
However, Sniffer's Infinistream product is able to capture packets *to
disk* at near- full-duplex gigabit speeds without dropping packets with
what is essentially high-end PC hardware, and Niksun's and NI's latest
offerings allow half-duplex gigabit-rate data capture to system RAM
without packet drops using essentially off-the-shelf PC parts, so I'd
imagine what you're trying to do wouldn't necessarily be a *hardware*
bottleneck.
I'm not sure that I can offer much advice here, but I'm curious - can
you provide more details on the hardware and throughput/packet rates
that you were using during your test?
Ian