Re: Let's talk about Distance Sniffing/Remote Visibility

["E.B. Dreger" <eddy+public+spam () noc everquick net>]

> Date: Thu, 28 Mar 2002 12:19:55 -0500
> From: Richard A Steenbergen <ras () e-gerbil net>

(snipping throughout)


> Disk I/O on a sniffer box? Sounds like you've been sniffing
> something other than packets my friend. :)

I like to log interesting packets; I agree with Carl.


> You can build your own box like that easily enough. If you're going for
> FastE sniffing I highly recommend the Adaptec Quartet 4-port cards. If

D-Link DFE-570TX are _very_ cheap if you're happy with 32-bit /
33 MHz PCI.


[ snip FreeBSD + Alteon ]

I did not know about the partial-packet DMA transfers.  Mmmmm....


> Or if you're comfortable writing kernel code, I recommend you
> make a character device for sniffer device control, and use it
> to pass page-aligned malloc'd memory pointers from userland
> into the nic driver, which you then pass to the card as the RX
> ring buffers. This will let you DMA your packets directly into
> userland. If not, at least unhook ether_input(). :)

Never done this.  About how much "capacity" does the zero-copy
approach add?


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

--
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist () brics com>
To: blacklist () brics com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.  Do NOT
send mail to <blacklist () brics com>, or you are likely to be blocked.