Let's talk about Distance Sniffing/Remote Visibility
E.B. Dreger
eddy+public+spam at noc.everquick.net
Thu Mar 28 17:59:20 UTC 2002
> Date: Thu, 28 Mar 2002 12:19:55 -0500
> From: Richard A Steenbergen <ras at e-gerbil.net>
(snipping throughout)
> Disk I/O on a sniffer box? Sounds like you've been sniffing
> something other than packets my friend. :)
I like to log interesting packets; I agree with Carl.
> You can build your own box like that easily enough. If you're going for
> FastE sniffing I highly recommend the Adaptec Quartet 4-port cards. If
D-Link DFE-570TX are _very_ cheap if you're happy with 32-bit /
33 MHz PCI.
[ snip FreeBSD + Alteon ]
I did not know about the partial-packet DMA transfers. Mmmmm....
> Or if you're comfortable writing kernel code, I recommend you
> make a character device for sniffer device control, and use it
> to pass page-aligned malloc'd memory pointers from userland
> into the nic driver, which you then pass to the card as the RX
> ring buffers. This will let you DMA your packets directly into
> userland. If not, at least unhook ether_input(). :)
Never done this. About how much "capacity" does the zero-copy
approach add?
--
Eddy
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
--
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist at brics.com>
To: blacklist at brics.com
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots. Do NOT
send mail to <blacklist at brics.com>, or you are likely to be blocked.
More information about the NANOG
mailing list