|
IDS
mailing list archives
Re: port bonding and taps
From: Bennett Todd <bet () rahul net>
Date: Fri, 3 Oct 2003 14:46:43 -0400
2003-10-03T14:04:12 Sam f. Stover:
I'd like to know where the overhead imposed by the bonding causes
packet drops.
Please keep an open mind, and make that "where and whether".
In my experience bonding's overhead was so negligible that I doubt
it would show up as a critical factor in any configuration.
Happily, tcpdump -s0 will capture a nice test file from wherever
you're planning on snorting, and tcpreplay makes it easy to blast it
back at your snorter. Set up N boxes, where N == twice the number of
taps you're going to support, and have 'em blast into the bonded
NICs over crossover cables, with tcpreplay. You can control the
playback speed, you know how many packets went out, so you can
subtract from how many were snorted to measure exactly how many were
dropped.
-Bennett
Attachment:
_bin
Description:
 By Date 
By Thread
Current thread:
- Re: port bonding and taps, (continued)
Re: port bonding and taps Aaron Cheek (Oct 06)
RE: port bonding and taps Bradberry, John (Oct 06)
|
Intro
