Full Disclosure mailing list archives
Re: Sniffing on 1GBps
From: Denis Jedig <seclists () syneticon de>
Date: Sun, 18 Jun 2006 15:12:55 +0200
crazy frog crazy frog wrote:
I m just wondering if it is possible to capture the data from a highspeed NIC card?if it is possible then wht kind of precaution we have to take so that we does not miss the data?
If you want to do this transparently without changing the system tapped, this is typically achieved with the use of dedicated probes which get hooked in between the system and e.g. the switch. The probes are typically equipped with buffer memory and have two output channels to be able to cope up with full duplex operation in real time. Google will help you to find manufacturers:
http://www.google.de/search?q=gigabit+ethernet+probeThere are some papers dealing with capturing and performance issues on the net, some of them published by members of the Winpcap team: http://www.winpcap.org/docs/iscc01-wpcap.pdf which share the basic idea that filtering should not be done within the application but either in the kernel or in the capturing device to reduce the number of copy operations and thus the load on the capturing system.
Denis _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Sniffing on 1GBps crazy frog crazy frog (Jun 18)
- Re: Sniffing on 1GBps Valdis . Kletnieks (Jun 18)
- Re: Sniffing on 1GBps Denis Jedig (Jun 18)
- Re: Sniffing on 1GBps 3APA3A (Jun 18)
- Message not available
- Re: Sniffing on 1GBps Fabio Pietrosanti - naif (Jun 18)
- Re: Sniffing on 1GBps Michael Holstein (Jun 19)