[Cerowrt-devel] packet capture hardware

Michael Richardson mcr at sandelman.ca
Mon Feb 4 15:05:47 EST 2013 

>>>>> "Dave" == Dave Taht <dave.taht at gmail.com> writes:
    Dave> I think there is a real market need for something in the SFP
    Dave> form factor that can do high rate packet captures and other
    Dave> sorts of analysis. I imagine a SFP in, and Esata out going
    Dave> into a router would be a useful diagnostic tool (and also
    Dave> something the NSA would love, which I have ambiguous feelings
    Dave> about)

    Dave> It could also be priced appropriately and maybe make some
    Dave> money.

    Dave> I think there is also a market need for something that can be
    Dave> an analysis box/home router that can also do captures at
    Dave> typical rates in the home (20-30Mbit), but that's still just
    Dave> above what a wndr3800 can do when last I tried. (it's mostly
    Dave> bound by the usb interface actually)

For people doing *testing* rather than people doing long-haul packet
captures (e.g. the NSA, or
http://www.caida.org/projects/network_telescope/), you don't need to
capture for very long.

What I've wanted to put together, but I never get around to it, is a set
of bootable live CDs/TFTP images that you basically just run on a
machine with a pair of Gb/ethernet and 16-32Gbyte ram.  The NIC driver is
replaced with one that basically just uses all of available ram, and
when it's full, you stop capturing, and start either crunching or saving
to disk.

Stupid simple arithmetic you can capture 1Gb/s traffic for 32*8=256s
with 32G ram.  "Server" motherboards that go up to 48G ram are
relatively easy to acquire, and desktop ($99) motherboards systems that
can up to 16 or 24G are common.    I'd leave the machine on someone's
desk that travelled a lot if I was in an office...

The same system could play back traffic at speed.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

More information about the Cerowrt-devel mailing list