[Snort-devel] Re: [Ethereal-dev] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?

Guy Harris gharris at ...148...
Fri Dec 8 02:39:58 EST 2000


On Thu, Dec 07, 2000 at 09:47:20PM -0800, Matt Dillon wrote:
>     Looking at the data I would guess that they
>     are appending to a file using write()'s on a packet-by-packet basis

Or, as per my other mail, perhaps using, on Windows, a version of the
standard I/O library that does bigger writes, hence fewer system calls. 
(That might require a bigger kernel buffer in the capture mechanism to
keep the capture buffer from overflowing whilst you're busy copying data
to file pages in the write, but, in fact, WinPcap is using a 1MB kernel
buffer on Windows, rather than the 32K buffer that's used on FreeBSD.)
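
The trade-off discussed in this message (per-packet write() calls versus fewer, bigger writes), as an added example that is not part of the original mail and is not libpcap or WinPcap code: it counts the write() calls needed to store the same records with and without a user-space buffer. The names `cap_writer`, `cw_flush`, `cw_record` and `count_writes`, the 84-byte constructed packets and the `/dev/null` target are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

struct cap_writer {               /* hypothetical helper, not from libpcap */
    int fd;
    size_t cap, used;             /* cap == 0: one write() per record */
    unsigned long syscalls;       /* write() calls issued so far */
    unsigned char buf[65536];
};

static int cw_flush(struct cap_writer *w) {
    size_t off = 0;
    while (off < w->used) {       /* loop so short writes are completed */
        ssize_t n = write(w->fd, w->buf + off, w->used - off);
        if (n <= 0) return -1;
        w->syscalls++;
        off += (size_t)n;
    }
    w->used = 0;
    return 0;
}

/* Append one record: 16-byte pcap-style record header plus the packet bytes. */
static int cw_record(struct cap_writer *w, const unsigned char *pkt, uint32_t len) {
    uint32_t hdr[4] = {0, 0, len, len};   /* ts_sec, ts_usec, incl_len, orig_len */
    size_t total = sizeof hdr + len;
    if (total > sizeof w->buf) return -1;
    if (w->used + total > w->cap && cw_flush(w) < 0) return -1;
    memcpy(w->buf + w->used, hdr, sizeof hdr);
    memcpy(w->buf + w->used + sizeof hdr, pkt, len);
    w->used += total;
    return w->used >= w->cap ? cw_flush(w) : 0;
}

/* Store npkts constructed 84-byte packets in /dev/null; return the write() count. */
unsigned long count_writes(size_t cap, unsigned npkts) {
    static struct cap_writer w;
    unsigned char pkt[84];
    memset(&w, 0, sizeof w);
    memset(pkt, 0xAB, sizeof pkt);        /* constructed payload */
    w.cap = cap > sizeof w.buf ? sizeof w.buf : cap;
    if ((w.fd = open("/dev/null", O_WRONLY)) < 0) return 0;
    for (unsigned i = 0; i < npkts; i++)
        if (cw_record(&w, pkt, sizeof pkt) < 0) break;
    cw_flush(&w);                         /* write out the final partial buffer */
    close(w.fd);
    return w.syscalls;
}
```

While a coalesced write is in progress the capture process is not draining the kernel capture buffer, which is why the message ties bigger writes to a bigger kernel buffer.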


