[46438] in North American Network Operators' Group

Re: Let's talk about Distance Sniffing/Remote Visibility

daemon@ATHENA.MIT.EDU (Jim Hickstein)
Thu Mar 28 13:50:43 2002

Date: Thu, 28 Mar 2002 10:50:06 -0800
From: Jim Hickstein <jxh@jxh.com>
To: nanog@merit.edu
Message-ID: <54650000.1017341406@jxh.mirapoint.com>
In-Reply-To: <OFF4AC5973.6F02CDCE-ON86256B8A.004ECB9A@sargentlundy.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Errors-To: owner-nanog-outgoing@merit.edu


> I'd like to hear from the list as to what your preferred means of
> determining what the hell is going on at a packet level at the other side
> of a WAN/MAN/frame/etc link.

Another commercial product to consider may be netIntercept from Sandstorm 
(www.sandstorm.com).  They came out and talked to BayLISA (www.baylisa.org) 
about this a short time ago, and while it isn't yet doing the line rates 
talked about here, it was interesting.  It's more about demultiplexing TCP 
and decoding protocols without regard to the port number; sort of an 
expert-system.  (I saw it pluck out and display thumbnails of images from a 
gzipped tar file that was FTPd on a high port, IIRC.)

It's a FreeBSD box already built and already tuned.  If I had the money, 
I'd have bought one on the spot.

-
Jim Hickstein
President of BayLISA, and nothing to do with Sandstorm.
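
The port-independent decoding described in the message above, as an added example that is not part of the original post and not netIntercept's code: a payload is classified by its content signatures and unpacked recursively (gzip, then tar, then the files inside), and the port number is never consulted. It assumes the TCP stream has already been reassembled into one byte string; `sniff`, `classify`, `build_sample` and the sample flow are hypothetical names and constructed data.

```python
import gzip, io, tarfile

# Content signatures matched against the payload itself, never the port number.
MAGIC = [
    (b"\x1f\x8b\x08", "gzip"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF8", "gif"),
]
MAX_DEPTH, MAX_BYTES = 4, 16 * 1024 * 1024  # bound nesting and decompressed size

def sniff(data):
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    # tar has no leading magic; "ustar" sits at offset 257 of the first header
    if len(data) >= 262 and data[257:262] == b"ustar":
        return "tar"
    return "unknown"

def classify(data, path="stream", depth=0):
    """Return [(path, type)] for the payload and everything nested inside it."""
    kind = sniff(data)
    found = [(path, kind)]
    if depth >= MAX_DEPTH:
        return found
    if kind == "gzip":
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            inner = gz.read(MAX_BYTES)  # capped read guards against decompression bombs
        found += classify(inner, path + "|gunzip", depth + 1)
    elif kind == "tar":
        with tarfile.open(fileobj=io.BytesIO(data)) as tf:
            for m in tf:
                if m.isfile() and m.size <= MAX_BYTES:
                    body = tf.extractfile(m).read()
                    found += classify(body, path + "/" + m.name, depth + 1)
    return found

def build_sample():
    """Constructed sample: a gzipped tar holding a PNG-headed file and a text file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, body in [("a.png", b"\x89PNG\r\n\x1a\n" + b"\0" * 16), ("notes.txt", b"hello\n")]:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()

if __name__ == "__main__":
    flow = {"dst_port": 49152, "payload": build_sample()}  # constructed high-port flow
    for path, kind in classify(flow["payload"]):
        print(flow["dst_port"], path, kind)
```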
