tcpdump mailing list archives
Re: Multi process sniffing and dropped packets
From: Guy Harris <guy () alum mit edu>
Date: Thu, 12 Jan 2006 17:16:01 -0800
On Jan 12, 2006, at 5:03 PM, Michael Richardson wrote:
You could perhaps, do just load the filter and fork. You'd be sharing the same file descriptor, and if your kernel returns one-packet-per-read (some mmap'ed interfaces do not!),
Some non-mmapped interfaces don't, either, e.g. BPF on various BSDs and Solaris. You could arrange that they not buffer packets, but that means more wakeups and possibly higher CPU load as a result.
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- Multi process sniffing and dropped packets computational_complex-forthespam (Jan 12)
- Re: Multi process sniffing and dropped packets Gianluca Varenni (Jan 12)
- Re: Multi process sniffing and dropped packets Guy Harris (Jan 12)
- Re: Multi process sniffing and dropped packets Gianluca Varenni (Jan 13)
- Re: Multi process sniffing and dropped packets Robert Lowe (Jan 12)
- Re: Multi process sniffing and dropped packets computational_complex-forthespam (Jan 14)
- Re: Multi process sniffing and dropped packets Rick Jones (Jan 17)
- Re: Multi process sniffing and dropped packets computational_complex-forthespam (Jan 21)
- Re: Multi process sniffing and dropped packets Guy Harris (Jan 12)
- Re: Multi process sniffing and dropped packets Gianluca Varenni (Jan 12)
- Re: Multi process sniffing and dropped packets Michael Richardson (Jan 12)
- Re: Multi process sniffing and dropped packets Guy Harris (Jan 12)
- Re: Multi process sniffing and dropped packets Guy Harris (Jan 12)
- Re: Multi process sniffing and dropped packets Rick Jones (Jan 12)