using sniffer on high-bandwidth pipes

• Previous message (by thread): using sniffer on high-bandwidth pipes
• Next message (by thread): 16-bit ASN kludge
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If you want to get serious, check out endace cards... www.endace.com

Their cards offload much of the pcap processing to the specialized 
nic... It is only for sniffing. They manage to do a zero copy directly 
to memory... You can capture near line rate at gigabit speeds.

They are expensive, but worth it for serious monitoring.. Tie this with 
a fast dell tower that you can put on a cart or a something like a Dell 
2950 with lots of disk space and run argus 
http://www.qosient.com/argus/index.htm

Peter

todd romero wrote:
> 
> does anyone have expirience using a sniffer on a hi-capacity network
> segment, that might know if there are limitations I need to worry about?
> 
> example: customers doing EMC database replication across a mpls link, and
> when the capacity reaches aprox. 250 Mbp/s packets are arriving out of
> sequence etc.  So we need to put sniffers on both sides to capture some
> data to see whats happeneing when the capacity reaches 250mbps.
> 
> what kind of system requirements would be needed to be able to be able to
> capture that amount of data. For some reason, I dont think that the Dolch
> Pac 65 sniffers we have (running nt4 and sniffer pro2) would be able to
> handle that kind of data?  If they cant, we can probbaly use a sun box.
> what kind of specs would the box need?
> 
> tia,
> tr
> 

• Previous message (by thread): using sniffer on high-bandwidth pipes
• Next message (by thread): 16-bit ASN kludge
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]