Re: How to build a 10Gbe test environment and monitor it with Wireshark?
From: Patrick Klos <patrick () klos com>
Date: Tue, 02 Apr 2013 11:47:25 -0400
David Aldrich wrote:
Thanks very much for your reply.
Typically, monitoring a 10Gb link involves using a tap (or a switch with a SPAN port). Are you using copper or fiber?
I don't know which to choose. The cable length will be <5m. Which would you suggest?
Well, if you're only testing in the lab between these 2 machines (and
you'll run Wireshark on one of them), you can save a lot of money by
just using a direct attach cable like this one:
(I'm not endorsing this company - they just happened to show up early in
the search list)
It's basically a cable with an SFP+ permanently attached at each end. I
used a cable like that when I was writing drivers for some 10G cards. A
lot cheaper than buying fiber or copper SFP+'s, cables and possibly a
switch or tap.
Depending on the load you expect on the 10Gb link, you might even need a filtering tap.
It seems that a tap is just a switch with a monitoring port. Am I correct?
Sometimes yes, sometimes no. Taps can have all kinds of features that
you won't typically see in a switch with a monitoring port. In the
simplest sense, they can be quite similar.
If you have a decent tap and can filter the data you care about to less than 1Gbps,
you can filter the 10G in the tap and feed it to your Wireshark system over a 1G link.
I had thought of just running Wireshark on the same PC as the test application. Then I wouldn't need a tap.
Sure. That should work just fine unless you're looking for something
that's timing or performance dependent? (meaning that running Wireshark
on the same machine could affect the timing issue you're trying to debug)
But perhaps I should run it on a separate PC and then will need a tap.
How would that help if the previous scenario provided you the
capabilities you need? What would this setup give you that the previous
setup couldn't? It's a matter of cost versus functionality.
Windows systems usually have more overhead than allowed for effective high bandwidth capture -
I suspect you'd have better luck with the Linux base for running Wireshark on heavy loads.
Agreed - I'll use Linux.
My statement about Windows versus Linux is primarily targeted at high
bandwidth situations. Are you testing performance or just functionality?
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>