[10222] in North American Network Operators' Group
Re: Network IP analysis?
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Jun 25 11:08:27 1997
To: Joe Shaw <jshaw@insync.net>
cc: Bruce Potter <gdead@alaska.net>, nanog@merit.edu
In-reply-to: Your message of "Wed, 25 Jun 1997 00:09:13 CDT."
<Pine.GSO.3.96.970625000237.20241E-100000@vellocet.insync.net>
Reply-To: perry@piermont.com
Date: Wed, 25 Jun 1997 11:00:12 -0400
From: "Perry E. Metzger" <perry@piermont.com>
Joe Shaw writes:
> A Network General sniffer will do this for you, and it's a really nice
> (read expensive) piece of equipment to have. They go for around $26,000
> (someone correct me if I'm wrong... I've never bought one myself).
tcpdump on a cheap NetBSD/FreeBSD/BSDI box (even an old 486 will do
just fine) will easily keep up with all of your ethernet traffic, and
it's free, not $26,000. It's also VERY flexible -- I've never needed
anything else. Best to do this on a box that does native BPF, though
(as an example, SunOS does not do BPF and NIT can't handle the traffic
without dropping most stuff).
Perry