From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from tuna.sandelman.ca (unknown [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) by huchra.bufferbloat.net (Postfix) with ESMTP id A31672021A8 for ; Mon, 4 Feb 2013 12:06:48 -0800 (PST) Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 437452016D; Mon, 4 Feb 2013 15:12:38 -0500 (EST) Received: by sandelman.ca (Postfix, from userid 179) id CE9EA6376A; Mon, 4 Feb 2013 15:05:47 -0500 (EST) Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id C3A3B63769; Mon, 4 Feb 2013 15:05:47 -0500 (EST) From: Michael Richardson To: Dave Taht In-Reply-To: References: X-Mailer: MH-E 8.3; nmh 1.3-dev; XEmacs 21.4 (patch 22) X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@sandelman.ca Cc: cerowrt-devel@lists.bufferbloat.net Subject: Re: [Cerowrt-devel] packet capture hardware X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Feb 2013 20:06:48 -0000 >>>>> "Dave" == Dave Taht writes: Dave> I think there is a real market need for something in the SFP Dave> form factor that can do high rate packet captures and other Dave> sorts of analysis. I imagine a SFP in, and Esata out going Dave> into a router would be a useful diagnostic tool (and also Dave> something the NSA would love, which I have ambiguous feelings Dave> about) Dave> It could also be priced appropriately and maybe make some Dave> money. Dave> I think there is also a market need for something that can be Dave> an analysis box/home router that can also do captures at Dave> typical rates in the home (20-30Mbit), but that's still just Dave> above what a wndr3800 can do when last I tried. (it's mostly Dave> bound by the usb interface actually) For people doing *testing* rather than people doing long-haul packet captures (e.g. the NSA, or http://www.caida.org/projects/network_telescope/), you don't need to capture for very long. What I've wanted to put together, but I never get around to it, is a set of bootable live CDs/TFTP images that you basically just run on a machine with a pair of Gb/ethernet and 16-32Gbyte ram. The NIC driver is replaced with one that basically just uses all of available ram, and when it's full, you stop capturing, and start either crunching or saving to disk. Stupid simple arithmetic you can capture 1Gb/s traffic for 32*8=256s with 32G ram. "Server" motherboards that go up to 48G ram are relatively easy to acquire, and desktop ($99) motherboards systems that can up to 16 or 24G are common. I'd leave the machine on someone's desk that travelled a lot if I was in an office... The same system could play back traffic at speed. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [