[Dshield] Linux vs. Windows Packet Capture

Mrcorp mrcorp at yahoo.com
Mon Jan 12 18:22:03 GMT 2004


Question for the group.  I am reviewing a paper that has been submitted for my site and was
wondering if anyone else has any comments or can point me in the right direction for more
information.

It seems that using standard Libpcap on Linux with Kernel 2.4 experienced a significant packet
loss on a 100 Mbit connection vs. Windows 2K.  I was surprised to learn about this and it seems to
reference Interupt Livelock.  If this is the case, wouldnt it be better for packet capturing
reasons to move our NIDS to Windows?

I am not looking for a flame here, but anyones personal experiences or experiments.

Mrcorp
www.infosecwriters.com

__________________________________
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotjobs.sweepstakes.yahoo.com/signingbonus




More information about the list mailing list