From: Michael Richardson <mcr@sandelman.ca>
To: Dave Taht <dave.taht@gmail.com>
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] packet capture hardware
Date: Mon, 04 Feb 2013 15:05:47 -0500 [thread overview]
Message-ID: <13791.1360008347@sandelman.ca> (raw)
In-Reply-To: <CAA93jw79T8Ap7Z4es4L9TM8DwAvNpS-EoXamGeDsN3wr3ZZWCA@mail.gmail.com>
>>>>> "Dave" == Dave Taht <dave.taht@gmail.com> writes:
Dave> I think there is a real market need for something in the SFP
Dave> form factor that can do high rate packet captures and other
Dave> sorts of analysis. I imagine a SFP in, and Esata out going
Dave> into a router would be a useful diagnostic tool (and also
Dave> something the NSA would love, which I have ambiguous feelings
Dave> about)
Dave> It could also be priced appropriately and maybe make some
Dave> money.
Dave> I think there is also a market need for something that can be
Dave> an analysis box/home router that can also do captures at
Dave> typical rates in the home (20-30Mbit), but that's still just
Dave> above what a wndr3800 can do when last I tried. (it's mostly
Dave> bound by the usb interface actually)
For people doing *testing* rather than people doing long-haul packet
captures (e.g. the NSA, or
http://www.caida.org/projects/network_telescope/), you don't need to
capture for very long.
What I've wanted to put together, but I never get around to it, is a set
of bootable live CDs/TFTP images that you basically just run on a
machine with a pair of Gb/ethernet and 16-32Gbyte ram. The NIC driver is
replaced with one that basically just uses all of available ram, and
when it's full, you stop capturing, and start either crunching or saving
to disk.
Stupid simple arithmetic you can capture 1Gb/s traffic for 32*8=256s
with 32G ram. "Server" motherboards that go up to 48G ram are
relatively easy to acquire, and desktop ($99) motherboards systems that
can up to 16 or 24G are common. I'd leave the machine on someone's
desk that travelled a lot if I was in an office...
The same system could play back traffic at speed.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
next prev parent reply other threads:[~2013-02-04 20:06 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-04 17:48 Dave Taht
2013-02-04 20:05 ` Michael Richardson [this message]
2013-02-04 21:20 ` David Lang
2013-02-05 3:56 ` dpreed
2013-02-05 0:20 ` Guillaume Fortaine
2013-02-05 3:41 ` dpreed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=13791.1360008347@sandelman.ca \
--to=mcr@sandelman.ca \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=dave.taht@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox