Re: Hardware capture platforms

[Manish Karir <mkarir () merit edu>]

Hi John,

You might want to check out www.opencalea.org.  We have just
released opencalea-lite which is a complete re-write of the original
opencalea software.  OpenCalea-lite is a much better and cleaner
re-write(we learnt from our mistakes in the previous releases).
One of the problems of the original version was that we were
getting bogged down in details over the precise standard format
instead of making the core more stable.
OpenCalea-lite takes a step back form this and aims at
doing well the essense of what packet taps should be able to.
It has a nice clean tap/controller/collector architecture which is much
more robust.  Taps will register with the controller irrespective of
which is started first.  Process control has also been improved.
Starting and stopping taps is handled in a much cleaner way.
In addtion TCP streams are used to transfer data.
We were about to send out an announcement
regarding opencalea-lite on the opencalea () merit edu
mailing list.  Aside from calea requirements opencalea-lite is
actually a fairly good platform for running remote-taps in
your network.

-manish



> Message: 4
> Date: Tue, 29 Jul 2008 16:10:09 -0700 (PDT)
> From: "John A. Kilpatrick" <john () hypergeek net>
> Subject: Hardware capture platforms
> To: nanog () merit edu
> Message-ID: <20080729155511.R42026 () iama hypergeek net>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
>
> We've deployed a bunch taps in our network and now we need a platform 
> on
> which to capture the data.  Our bandwidth is currently pretty low but
> I've got 8 links to tap, which means I need 16 ports.  Has anyone done 
> any
> research on doing accurate packet capture with commodity hardware?
>
>
> --
>                                 John A. Kilpatrick
> john () hypergeek net                Email|     http://www.hypergeek.net/
> john-page () hypergeek net      Text pages|          ICQ: 19147504
>                   remember:  no obstacles/only challenges