> Date: Fri, 3 Dec 2004 10:47:08 -0500 (EST)
> From: todd romero <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: using sniffer on high-bandwidth pipes
>
> Does anyone have experience using a sniffer on a hi-capacity network
> segment, that might know if there are limitations I need to worry about?
> example: customers doing EMC database replication across an MPLS link, and
> when the capacity reaches approx. 250 Mbp/s packets are arriving out of
> sequence etc. So we need to put sniffers on both sides to capture some
> data to see what's happening when the capacity reaches 250mbps.

Well, there was a nice presentation at SANE 2004 about using Linux with some tweaks... It also compared it model- and performance-wise with the features available under FreeBSD (4.x IIRC):

http://www.nluug.nl/events/sane2004/abstracts/ab.html?id=100

Luca is the man behind NTOP:

http://www.ntop.org/

Luca showed that moderate hardware is capable of handling Gb/s speeds at above 90% capture rate if you use the right combination of logic and tools (PF_Ring). In his case a moderate P3 and I believe somewhere upwards of 600Mbps... The goal was mainly to reduce the load of the CPU to allow the machine to actually process the packets it has captured ;)

The ntop website has some papers:

http://www.ntop.org/documentation.html

> tia,
> tr

Kind Regards,
JP Velders