North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: using sniffer on high-bandwidth pipes
Todd - first thought I have is to get a linux box with a gigE port and anything pentium III based or faster. Depending on the amount of analysis you want to do, just running tcpdump to a file and then playback after the fact. Etherman would make for a good UI to review capture in. Should be able to write 250mbps out to a fast drive...wouldn't build a box with that spec with parts from compusa, though. John On Fri, Dec 03, 2004 at 10:47:08AM -0500, todd romero wrote: > does anyone have expirience using a sniffer on a hi-capacity network > segment, that might know if there are limitations I need to worry about? > > example: customers doing EMC database replication across a mpls link, and > when the capacity reaches aprox. 250 Mbp/s packets are arriving out of > sequence etc. So we need to put sniffers on both sides to capture some > data to see whats happeneing when the capacity reaches 250mbps. > > what kind of system requirements would be needed to be able to be able to > capture that amount of data. For some reason, I dont think that the Dolch > Pac 65 sniffers we have (running nt4 and sniffer pro2) would be able to > handle that kind of data? If they cant, we can probbaly use a sun box. > what kind of specs would the box need? > > tia, > tr
|