From owner-freebsd-hackers Thu Dec 7 23:46: 4 2000 From owner-freebsd-hackers@FreeBSD.ORG Thu Dec 7 23:46:02 2000 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from c014.sfo.cp.net (c014-h017.c014.sfo.cp.net [209.228.12.81]) by hub.freebsd.org (Postfix) with SMTP id 16B7D37B400 for ; Thu, 7 Dec 2000 23:45:58 -0800 (PST) Received: (cpmta 11445 invoked from network); 7 Dec 2000 23:39:59 -0800 Received: from d8c81e5f.dsl.flashcom.net (HELO quadrajet.flashcom.com) (216.200.30.95) by smtp.flashcom.net (209.228.12.81) with SMTP; 7 Dec 2000 23:39:59 -0800 X-Sent: 8 Dec 2000 07:39:59 GMT Received: (from guy@localhost) by quadrajet.flashcom.com (8.9.3/8.9.3) id XAA00529; Thu, 7 Dec 2000 23:39:58 -0800 (PST) (envelope-from gharris) Date: Thu, 7 Dec 2000 23:39:58 -0800 From: Guy Harris To: Matt Dillon Cc: Dragos Ruiu , tcpdump-workers@tcpdump.org, ethereal-dev@ethereal.com, snort-devel@lists.sourceforge.net, freebsd-hackers@FreeBSD.ORG, tech@openbsd.org Subject: Re: [Ethereal-dev] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!? Message-ID: <20001207233958.C352@quadrajet.flashcom.com> References: <0012072118150Q.09615@smp.kyx.net> <200012080547.eB85lKc17216@earth.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <200012080547.eB85lKc17216@earth.backplane.com>; from dillon@earth.backplane.com on Thu, Dec 07, 2000 at 09:47:20PM -0800 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, Dec 07, 2000 at 09:47:20PM -0800, Matt Dillon wrote: > Looking at the data I would guess that they > are appending to a file using write()'s on a packet-by-packet basis Or, as per my other mail, perhaps using, on Windows, a version of the standard I/O library that does bigger writes, hence fewer system calls. (That might require a bigger kernel buffer in the capture mechanism to keep the capture buffer from overflowing whilst you're busy copying data to file pages in the write, but, in fact, WinPcap is using a 1MB kernel buffer on Windows, rather than the 32K buffer that's used on FreeBSD.) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message