>Does anyone have experience with libpcap versus WINPcap from a performance
>standpoint? I don't have packet numbers but I don't want to drop any. I
>know how to use libpcap without the tcp/ip stack but how about WINPcap?
Since winpcap goes thr another layer to the network - it would always be
lower than the native lib. But the winpcap is good enough for normal - ie
fully utilised 100 Mbps switch that I have but I run that in "hub" mode to
sniff all the traffic - anything above that I think u would have to go
native using linux.
>Since it is a protocol I don't think it works the same way. Does any know
>of any other Windows solutions for logging all the traffic
Where are u exaclty putting up the network sensor ? I like to have this kind
of sencor sitting on the gateway with one network card for incomming and
other card for outgoing traffic and loging everything that goes and comes
out - if a packet dosent get logged it gets dropped.
>(except video) on a network. I may have to recommend Windows over Linux to
my
>client, if the performance is ok.
Linux pcap would always be better than a windows if you are going above 100
mbps I think - it all depends upon what u want to log and at what speed.
Since u don't want to any drop packets and most likely u are going to use
1000 mbps I would remommend native pcap libs
-aditya
________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Feb 05 2005
Intro
