North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Let's talk about Distance Sniffing/Remote Visibility

  • From: E.B. Dreger
  • Date: Thu Mar 28 13:01:30 2002

> Date: Thu, 28 Mar 2002 12:19:55 -0500
> From: Richard A Steenbergen <[email protected]>

(snipping throughout)

> Disk I/O on a sniffer box? Sounds like you've been sniffing
> something other than packets my friend. :)

I like to log interesting packets; I agree with Carl.

> You can build your own box like that easily enough. If you're going for
> FastE sniffing I highly recommend the Adaptec Quartet 4-port cards. If

D-Link DFE-570TX are _very_ cheap if you're happy with 32-bit /
33 MHz PCI.

[ snip FreeBSD + Alteon ]

I did not know about the partial-packet DMA transfers.  Mmmmm....

> Or if you're comfortable writing kernel code, I recommend you
> make a character device for sniffer device control, and use it
> to pass page-aligned malloc'd memory pointers from userland
> into the nic driver, which you then pass to the card as the RX
> ring buffers. This will let you DMA your packets directly into
> userland. If not, at least unhook ether_input(). :)

Never done this.  About how much "capacity" does the zero-copy
approach add?


Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <[email protected]>
To: [email protected]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.  Do NOT
send mail to <[email protected]>, or you are likely to be blocked.