I am working on a program which can monitor all traffic in a hypervisor, the hypervisor contain many virtual hosts. I want to record all traffic from each network card(include physical network interface and virtual host's tap interface) in the hypervisor, in that case I can use the record information analysis the virtual host traffic path. Now I use packet_mmap to capture all traffic, however the problem packet_mmap performance is not good. Compare with not start capture program, the pps is downgrade 50%. Does anyone has a method to monitor all traffic with less packet loss?
Asked
Active
Viewed 164 times
0
-
3Unless you have specific hardware dedicated for such capture, doing it for more than a few high-traffic interfaces is quickly going to overwhelm any program and system. And is by "capturing" you mean write the packets to disk, then you add another bottleneck. – Some programmer dude Oct 05 '20 at 05:42
-
Use wireshark or tcpdump to capture traffic? If you need some form of high throughput solution, you probably should buy one (hardware + software) or hire a consultant. It may help if you explain *why* you're trying to do this. – Ross Jacobs Oct 05 '20 at 05:46