Tahe the scenario of trying to sniff a 100 boxes which are all connected via GigE in a single subnet. Assuming each box only uses 1% of its bandwidth, even with spanning set up[1] your sniffer will see packets faster than it can capture. Any sort of real utilization on those links and your sniffer will be worthless.
You could sniff at 10Gbit, but I don't know of any server adapters for that speed right now - and even if they did exist, I'm not sure what OS and hardware could keep up with logging all of it. -------- Roger Seielstad E-mail Geek [1] Meaning all ports also forward their traffic to a specific port for sniffing purposes - its supported in most switches > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube > Sent: Monday, April 18, 2005 1:41 AM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] Sniffer > > So what is going to cut it then? > Are there any ready ones that sniff a subnet? > > r.c. > > On 4/15/05, Roger Seielstad <[EMAIL PROTECTED]> wrote: > > Ethereal (and most other sniffers for that matter) use the host > > machine's NIC drivers. > > > > Of course, if you're doing a promiscuous sniff on a full > GigE network > > - a single Gig interface isn't going to cut it. > > > > -------- > > Roger Seielstad > > E-mail Geek > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of > Medeiros, > > > Jose > > > Sent: Wednesday, April 13, 2005 8:54 AM > > > To: ActiveDir@mail.activedir.org > > > Subject: RE: [ActiveDir] Sniffer > > > > > > I am sure that Wildpackets has the latest driver support for most > > > Gigabit adapters. > > > > > > Jose > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] Behalf Of rubix cube > > > Sent: Wednesday, April 13, 2005 12:07 AM > > > To: ActiveDir@mail.activedir.org > > > Subject: Re: [ActiveDir] Sniffer > > > > > > > > > Thanks guys > > > I will try them all, they do support giga bit right? > because when we > > > upgraded to giga the sniffer I used to use couldn't do me > any good. > > > > > > r.c. > > > > > > On 4/12/05, Medeiros, Jose <[EMAIL PROTECTED]> wrote: > > > > Greetings, > > > > > > > > Try the demo from http://www.wildpackets.com/ Etherpeek is > > > for Ethernet Networks and Airopeek is for Wireless > Network Cards. In > > > my opinion Wildpackets has the easiest to use and understand > > > sniffer, Laura Chappell http://www.packet-level.com/ swears by it. > > > > > > > > http://www.amazon.com/exec/obidos/search-handle-form/104-0192535-473 > > > 51 > > > > 32 > > > > > > > > Hope this helps, > > > > > > > > Jose :-) > > > > > > > > ------------------------------------------- > > > > > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED] Behalf Of > rubix cube > > > > Sent: Tuesday, April 12, 2005 1:09 AM > > > > To: ActiveDir@mail.activedir.org > > > > Subject: [ActiveDir] Sniffer > > > > > > > > Any one recommends a specific good sniffer that he uses? > > > > Thanks > > > > List info : http://www.activedir.org/List.aspx > > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > > List archive: > > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > List info : http://www.activedir.org/List.aspx > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
