[76233] in North American Network Operators' Group
Re: using sniffer on high-bandwidth pipes
daemon@ATHENA.MIT.EDU (John Kinsella)
Fri Dec 3 14:41:53 2004
Date: Fri, 3 Dec 2004 11:41:21 -0800
From: John Kinsella <jlk@thrashyour.com>
To: todd romero <todd@routeflap.net>
Cc: nanog@nanog.org
Reply-To: John Kinsella <jlk@thrashyour.com>
In-Reply-To: <20041203103450.R8910@ns.routeflap.net>
Errors-To: owner-nanog-outgoing@merit.edu
Todd - first thought I have is to get a linux box with a gigE port and
anything pentium III based or faster. Depending on the amount of analysis
you want to do, just running tcpdump to a file and then playback after
the fact. Etherman would make for a good UI to review capture in.
Should be able to write 250mbps out to a fast drive...wouldn't build a
box with that spec with parts from compusa, though.
John
On Fri, Dec 03, 2004 at 10:47:08AM -0500, todd romero wrote:
> does anyone have expirience using a sniffer on a hi-capacity network
> segment, that might know if there are limitations I need to worry about?
>
> example: customers doing EMC database replication across a mpls link, and
> when the capacity reaches aprox. 250 Mbp/s packets are arriving out of
> sequence etc. So we need to put sniffers on both sides to capture some
> data to see whats happeneing when the capacity reaches 250mbps.
>
> what kind of system requirements would be needed to be able to be able to
> capture that amount of data. For some reason, I dont think that the Dolch
> Pac 65 sniffers we have (running nt4 and sniffer pro2) would be able to
> handle that kind of data? If they cant, we can probbaly use a sun box.
> what kind of specs would the box need?
>
> tia,
> tr
