Full Disclosure: Re: Sniffing on 1GBps

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Sniffing on 1GBps

From: Fabio Pietrosanti - naif <naif () s0ftpj org>
Date: Mon, 19 Jun 2006 01:00:41 +0200

Denis Jedig wrote:

There are some papers dealing with capturing and performance issues on
the net, some of them published by members of the Winpcap team:
http://www.winpcap.org/docs/iscc01-wpcap.pdf which share the basic
idea that filtering should not be done within the application but
either in the kernel or in the capturing device to reduce the number
of copy operations and thus the load on the capturing system.

You probably need to use a statefull load balancer in order to split the
traffic between different probes (or different load balancers with
probes behind) and get the opportunity to do real-time analysis
(parametric interception).

-naif

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Sniffing on 1GBps crazy frog crazy frog (Jun 18)
- Re: Sniffing on 1GBps Valdis . Kletnieks (Jun 18)
- Re: Sniffing on 1GBps Denis Jedig (Jun 18)
- Re: Sniffing on 1GBps 3APA3A (Jun 18)
- Message not available
  - Re: Sniffing on 1GBps Fabio Pietrosanti - naif (Jun 18)
- Re: Sniffing on 1GBps Michael Holstein (Jun 19)