On Thu, Aug 20, 2009 at 02:00:21PM -0700, Guy Harris wrote:
>
> On Aug 20, 2009, at 1:47 PM, Sake Blok wrote:
>
> > I'm curious about:
> > - When capturing, how well do Linux and MacOS/X perform on a full
> > Gbit link?
[snip]
> Out of the box, Windows and winpcap [winpcap], the port of libpcap
> to Win32, perform much better than other popular Unix-like OS.
Hmmm... and I was trying to move *away* from Windows :(
(however, a recent post *did* reveal that display filtering was way
quicker on MacOS/X and Linux as it was on Windows)
> Mac OS X might behave *somewhat* similarly to FreeBSD, because they
> both use BPF, but Luca seems to indicate that stuff below the capture
> mechanism makes a big difference - one issue is that if you get one
> interrupt per packet, your performance will suck at high packet rates,
> so polling, which causes multiple packets to be picked up per (clock)
> interrupt, can improve matters. I don't know offhand whether OS X's
> drivers and networking stack do polling or any other form of interrupt
> batching.
I can imagine the drivers being optimized for normal usage of the
network, not capturing.
> (I don't capture enough traffic to speak from experience - I mostly
> either read capture files supplied to me or do small captures of
> traffic to and from my own machine.)
Assuming you are working on a MacBook (Pro?), did you get a chance to
work with a SSD as well as a HDD? If so, did you experience different
performance?
Cheers,
Sake