[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Sniffing on 1GBps
- To: crazy frog crazy frog <i.m.crazy.frog@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Sniffing on 1GBps
- From: Denis Jedig <seclists@xxxxxxxxxxxx>
- Date: Sun, 18 Jun 2006 15:12:55 +0200
crazy frog crazy frog wrote:
I m just wondering if it is possible to capture the data from a
highspeed NIC card?if it is possible then wht kind of precaution we
have to take so that we does not miss the data?
If you want to do this transparently without changing the system tapped,
this is typically achieved with the use of dedicated probes which get
hooked in between the system and e.g. the switch. The probes are
typically equipped with buffer memory and have two output channels to be
able to cope up with full duplex operation in real time. Google will
help you to find manufacturers:
http://www.google.de/search?q=gigabit+ethernet+probe
There are some papers dealing with capturing and performance issues on
the net, some of them published by members of the Winpcap team:
http://www.winpcap.org/docs/iscc01-wpcap.pdf which share the basic idea
that filtering should not be done within the application but either in
the kernel or in the capturing device to reduce the number of copy
operations and thus the load on the capturing system.
Denis
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/