I've tested tcpdump and windump on Red Hat 7 vs Windows 98. Windump had
packet loss above 20% when working on a network with 10% utilization but
tcpdump had no packet loss. I think it's because of complexities in
implementing winpcap. Isn't it true?

----- Original Message -----
From: Guy Harris <[EMAIL PROTECTED]>
To: Mehdi Kianpour <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, September 16, 2001 6:22 AM
Subject: Re: [tcpdump-workers] windump


> On Sat, Sep 15, 2001 at 12:47:12PM +0430, Mehdi Kianpour wrote:
> > In the paper titled: Development of an Architecture for Packet Capture
> > and Network Traffic Analysis found in
> > http://netgroup-serv.polito.it/winpcap/docs/default.htm the author
> > counts some advantages of wpcap over libpcap.
>
> Libpcap and WinPcap are best thought of as a layer atop a native packet
> capture mechanism, providing a platform-independent interface to the
> different capture mechanisms provided on different platforms.
>
> As such, the performance comparison section is more of a comparison of
> the FreeBSD version of BPF and the WinPcap driver - and also of the file
> systems and I/O mechanisms of FreeBSD and various versions of Windows,
> as, in the third test, the captured packets were written to a file.
>
> The results of the comparison might be different if libpcap is tested on
> a different flavor of UNIX; it might be interesting to see what happens
> on, for example, a Linux system with a 2.2 or later kernel and with
> socket filtering enabled (so that the filter is evaluated in the kernel
> on both platforms, and packets that don't pass the filter aren't copied
> up to userland), or on OpenBSD (which has some changes to BPF that might
> make a difference).
>
> > For example, it's said
> > that windump will work better than tcpdump in bursty traffic. Do you
> > believe in these claims? Although I've tested this and it doesn't seem
> > to be true.
>
> What were the tests you did, on what OSes did you run your tests, and
> what were the results?
> -
> This is the TCPDUMP workers list. It is archived at
> http://www.tcpdump.org/lists/workers/index.html
> To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
