Comments on TaoSecurity Blog: Profiling Sensors with Bpfstat
Richard Bejtlich
Updated: 2023-10-16T06:06:25.012-04:00

Anonymous, 2006-04-19T18:08:00.000-04:00
IPTraf is similar to bpfstat. However, it doesn't show the process associated with the interface. IPTraf will allow selections of hosts, interfaces, and port numbers.

http://iptraf.seul.org/

Richard Bejtlich, 2006-04-18T20:10:00.000-04:00
No, that is a limitation of Linux. Someone please change my mind!

Anonymous, 2006-04-18T20:07:00.000-04:00
Are you aware of any tools similar to bpfstat that will run on Linux?

Anonymous, 2006-04-18T19:39:00.000-04:00
Sorry...the freebsd link seems to have been cut off

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=205699+0+archive/2005/freebsd-net/20051023.freebsd-net

Anonymous, 2006-04-18T19:37:00.000-04:00
Richard: From my previous post referencing 'tuning (7)', you also might want to look at device 'polling (4)' for your NIC (if you haven't already). Here are some links to reference regarding the combination of sysctls and polling. The netperf port might also help you in benchmarking tests.

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=205699+0+archive/2005/freebsd-net/20051023.freebsd-net

http://luca.ntop.org/Ring.pdf

Anonymous, 2006-04-18T15:07:00.000-04:00
I always see people getting flamed for asking "how can I tune my network stack" on mailing lists. The same response is always that you shouldn't touch it.

If there are some tunable options that would help an nsm/ids, why haven't we ever seen these published?

I'm not against this though.

Richard Bejtlich, 2006-04-18T14:59:00.000-04:00
Anonymous, that is a really good comment. I did NO tuning on these systems. I bet I could make a few tweaks and drop fewer packets. I'll give that a try when I have some time.

Anonymous, 2006-04-18T02:30:00.000-04:00
Richard: You might want to reference 'tuning (7)' for sysctls that can be changed to improve network/system performance. Additionally, systat may help to identify hardware bottlenecks.