[unisog] Remote sniffers- what do you use?
Peter Van Epp
vanepp at sfu.ca
Thu Mar 9 16:30:06 GMT 2006
> You can easily load just about every open-source network analysis tool
> (snort, argus, tcpdump, ethereal, ntop, etc) onto a 1-U FreeBSD box
> (FreeBSD beating Linux in most any networking benchmark -- Linux+pfRing

At the risk of starting a religious war, I don't think this is correct
:-). Four or five years ago I made this argument to our HPC folks when they
were building a 192 node Beowulf cluster, so we ran benchmarks (iperf, netperf
etc.) on my argus test boxes and found that while FreeBSD did better on CPU usage,
either OS could fill the pipe, and as a result they decided to go Linux to be
like most of the rest of the Beowulf world.

I can testify from personal experience that a year or so ago the
same box running argus on a gig link doing 995 megs lost around 50% of the
packets on FreeBSD when Linux with pfRing (and a meg or so of buffer space in
the kernel which makes the comparison somewhat unfair :-)) was able to keep up.

There is also some interesting new TCP code from Van Jacobson (not yet
releasable last I heard) for Linux that he says cuts 80% of the CPU usage
(although it is probably applicable to FreeBSD too if someone ports it).

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada