North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Let's talk about Distance Sniffing/Remote Visibility
> Date: Thu, 28 Mar 2002 12:19:55 -0500 > From: Richard A Steenbergen <[email protected]> (snipping throughout) > Disk I/O on a sniffer box? Sounds like you've been sniffing > something other than packets my friend. :) I like to log interesting packets; I agree with Carl. > You can build your own box like that easily enough. If you're going for > FastE sniffing I highly recommend the Adaptec Quartet 4-port cards. If D-Link DFE-570TX are _very_ cheap if you're happy with 32-bit / 33 MHz PCI. [ snip FreeBSD + Alteon ] I did not know about the partial-packet DMA transfers. Mmmmm.... > Or if you're comfortable writing kernel code, I recommend you > make a character device for sniffer device control, and use it > to pass page-aligned malloc'd memory pointers from userland > into the nic driver, which you then pass to the card as the RX > ring buffers. This will let you DMA your packets directly into > userland. If not, at least unhook ether_input(). :) Never done this. About how much "capacity" does the zero-copy approach add? -- Eddy Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence -- Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <[email protected]> To: [email protected] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <[email protected]>, or you are likely to be blocked.