Full Disclosure mailing list archives
Re: Sniffing on 1GBps
From: Fabio Pietrosanti - naif <naif () s0ftpj org>
Date: Mon, 19 Jun 2006 01:00:41 +0200
Denis Jedig wrote:
There are some papers dealing with capturing and performance issues on the net, some of them published by members of the Winpcap team: http://www.winpcap.org/docs/iscc01-wpcap.pdf which share the basic idea that filtering should not be done within the application but either in the kernel or in the capturing device to reduce the number of copy operations and thus the load on the capturing system.
You probably need to use a statefull load balancer in order to split the traffic between different probes (or different load balancers with probes behind) and get the opportunity to do real-time analysis (parametric interception). -naif _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Sniffing on 1GBps crazy frog crazy frog (Jun 18)
- Re: Sniffing on 1GBps Valdis . Kletnieks (Jun 18)
- Re: Sniffing on 1GBps Denis Jedig (Jun 18)
- Re: Sniffing on 1GBps 3APA3A (Jun 18)
- Message not available
- Re: Sniffing on 1GBps Fabio Pietrosanti - naif (Jun 18)
- Re: Sniffing on 1GBps Michael Holstein (Jun 19)