Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



IDS: Re: port bonding and taps

Re: port bonding and taps

From: Bennett Todd <bet_at_rahul.net>
Date: Fri, 3 Oct 2003 14:46:43 -0400

2003-10-03T14:04:12 Sam f. Stover:
> I'd like to know where the overhead imposed by the bonding causes
> packet drops.

Please keep an open mind, and make that "where and whether".

In my experience bonding's overhead was so negligible that I doubt
it would show up as a critical factor in any configuration.

Happily, tcpdump -s0 will capture a nice test file from wherever
you're planning on snorting, and tcpreplay makes it easy to blast it
back at your snorter. Set up N boxes, where N == twice the number of
taps you're going to support, and have 'em blast into the bonded
NICs over crossover cables, with tcpreplay. You can control the
playback speed, you know how many packets went out, so you can
subtract from how many were snorted to measure exactly how many were
dropped.

-Bennett

  • application/pgp-signature attachment: stored
Received on Oct 06 2003
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos