[2236] in linux-net channel archive
Optimising for packet sniffing
daemon@ATHENA.MIT.EDU (Nick Holloway)
Mon Mar 25 12:33:17 1996
To: submit-linux-dev-net@ratatosk.yggdrasil.com
From: Nick.Holloway@alfie.demon.co.uk (Nick Holloway)
Date: 25 Mar 1996 16:55:52 -0000
I've installed Linux 1.3.75 on a 486sx20 laptop with 8Mb of RAM, so I
can use tcpdump to try and get a handle on a problem we are seeing.
The worrying aspect is that I get "Couldn't get a free page" reasonably
often. Are there parameters I can tune in /proc/sys to try and help
with keeping memory available for incoming packets?
Does anybody have a feeling for whether I will be losing packets
a significant number of packets on the above setup (ethernet card
is a PCMCIA Grey Cell card) -- i.e. can I expect to be able to grab
back-to-back packets off the wire? Should I commandeer a P90 with a
3c509 instead?
PS: The problem we are seeing is that Win 3.11 with MS/TCP 3.11b
talking to NT 3.1 is suffering from spurious "Connection reset by peer".
Looking at a packet trace, it appears I don't get the second part of a
"FIN" closedown. Does this ring any bells with anyone?
PPS: Is the order of the packets printed by tcpdump more reliable than the
timestamps? I'm getting non-monotonic times for the fraction of a second.
--
`O O' | Home: Nick.Holloway@alfie.demon.co.uk
// ^ \\ | Work: Nick.Holloway@parallax.co.uk http://www.parallax.co.uk/~alfie/
