[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Sniffing on 1GBps

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Sniffing on 1GBps
From: Fabio Pietrosanti - naif <naif@xxxxxxxxxx>
Date: Mon, 19 Jun 2006 01:00:41 +0200

Denis Jedig wrote:
> There are some papers dealing with capturing and performance issues on
> the net, some of them published by members of the Winpcap team:
> http://www.winpcap.org/docs/iscc01-wpcap.pdf which share the basic
> idea that filtering should not be done within the application but
> either in the kernel or in the capturing device to reduce the number
> of copy operations and thus the load on the capturing system.
You probably need to use a statefull load balancer in order to split the
traffic between different probes (or different load balancers with
probes behind) and get the opportunity to do real-time analysis
(parametric interception).

-naif

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Sniffing on 1GBps
  - From: crazy frog crazy frog

Prev by Date: [Full-disclosure] ***ULTRALAME*** Microsoft Excel Unicode Overflow ***ULTRALAME***
Next by Date: [Full-disclosure] [ GLSA 200606-20 ] Typespeed: Remote execution of arbitrary code
Previous by thread: Re: [Full-disclosure] Sniffing on 1GBps
Next by thread: Re: [Full-disclosure] Sniffing on 1GBps
Index(es):
- Date
- Thread