On Nov 19, 2003, at 2:27 PM, Guy Harris wrote:
It might involve a binary kernel module, or the memory-mapped turbopacket stuff, combined with writing either to a raw RAID array or to a thin file system (or maybe one of the Linux file systems is fast enough).
One of their competitors (mentioned in some article about NAI's InfiniStream):
http://www.sandstorm.net/products/netintercept/
runs atop a modified FreeBSD 4.8 kernel plus "minimal set of UNIX utilities":
http://www.sandstorm.net/products/netintercept/specs
and saves "in tcpdump-format files":
http://www.sandstorm.net/products/netintercept/technical
