nanog mailing list archives

Re: using sniffer on high-bandwidth pipes


From: John Kinsella <jlk () thrashyour com>
Date: Fri, 3 Dec 2004 11:41:21 -0800


Todd - first thought I have is to get a Linux box with a gigE port and
anything Pentium III based or faster.  Depending on the amount of analysis
you want to do, just run tcpdump to a file and then play it back after
the fact.  Etherman would make for a good UI to review the capture in.

Should be able to write 250mbps out to a fast drive...wouldn't build a
box with that spec with parts from CompUSA, though.

John

On Fri, Dec 03, 2004 at 10:47:08AM -0500, todd romero wrote:
does anyone have experience using a sniffer on a hi-capacity network
segment, that might know if there are limitations I need to worry about?

example: customers doing EMC database replication across an mpls link, and
when the capacity reaches approx. 250 Mbps packets are arriving out of
sequence etc.  So we need to put sniffers on both sides to capture some
data to see what's happening when the capacity reaches 250mbps.

what kind of system requirements would be needed to be able to
capture that amount of data? For some reason, I don't think that the Dolch
Pac 65 sniffers we have (running nt4 and sniffer pro2) would be able to
handle that kind of data.  If they can't, we can probably use a sun box.
what kind of specs would the box need?

tia,
tr

