Hey linux kernel / #infosec people, help me out a bit here.
It has been told to me, without evidence but by a person I do not consider a fool, that raw-socket based sniffer in linux on recent kernels would be "unreliable under load" and "miss some packets under load"
Bullshit?
-
-
and a raw socket is handled using that buffer and not "general comm" one? Fascinating.
-
dunno, that buffer is why tcpdump would lose packets that the network stack didn't, idk how the raw socket approach is implemented
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.