North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: using sniffer on high-bandwidth pipes

  • From: John Kinsella
  • Date: Fri Dec 03 14:42:33 2004

Todd - first thought I have is to get a linux box with a gigE port and
anything pentium III based or faster.  Depending on the amount of analysis
you want to do, just running tcpdump to a file and then playback after
the fact.  Etherman would make for a good UI to review capture in.

Should be able to write 250mbps out to a fast drive...wouldn't build a
box with that spec with parts from compusa, though.


On Fri, Dec 03, 2004 at 10:47:08AM -0500, todd romero wrote:
> does anyone have expirience using a sniffer on a hi-capacity network
> segment, that might know if there are limitations I need to worry about?
> example: customers doing EMC database replication across a mpls link, and
> when the capacity reaches aprox. 250 Mbp/s packets are arriving out of
> sequence etc.  So we need to put sniffers on both sides to capture some
> data to see whats happeneing when the capacity reaches 250mbps.
> what kind of system requirements would be needed to be able to be able to
> capture that amount of data. For some reason, I dont think that the Dolch
> Pac 65 sniffers we have (running nt4 and sniffer pro2) would be able to
> handle that kind of data?  If they cant, we can probbaly use a sun box.
> what kind of specs would the box need?
> tia,
> tr