Yeah, I didn't mention the distributed aspect of DS as it didn't
seem like it was this guy's problem.
We just got in one of the 10Gb Sniffer boxes at work the other
day. Pushing packets through it with a Spirent Smartbits
tester we were able to capture at almost line rate. Of course
you can't do that very long as it fills up the memory buffer.
One of the things I saw with NAI Sniffer was their lower dropped
packet rates on a high usage GigE interface because they provide
custom drivers for the NICs they support. I added a "-q" switch
to tethereal to help with this issue; it was incorporated into
ethereal on 3/22/2002.
http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/tethereal.c.diff?r1=1.132&r2=1.133
I never got around to modifying the Ethereal GUI to support
"quiet" operation during capture. Tethereal is good enough for
my needs.
I'm curious to know what's the best capture rate anyone has seen
with Ethereal using fullsize snaplength and real world packet sizes?
diana
-----Original Message-----
From: Ian Schorr
To: Eichert, Diana
Cc: ethereal-dev@xxxxxxxxxxxx
Sent: 10/7/2003 8:04 PM
Subject: Re: [Ethereal-dev] RE: What features does DS have that Ethereal
lacks ..
The specific feature that DS provides versus other versions of Sniffer
is a distributed control mechanism. Essentially an "Agent" is loaded
onto a series of, usually rackmounted, probes. These agents can be
remotely controlled using Sniffer's console software, which provides
the normal Sniffer pretty front-end. The agent pushes host list,
packet data (while browsing a packet list), status and statistical data
back to the console.
Otherwise it's essentially a less-well-maintained instance of Sniffer
Pro, and has its same advantages (hugely better interface speed when
performing actions and somewhat intuitive interface, mostly) and
disadvantages (terrible expert module, mediocre decodes, data
pattern/offset filtering, etc).
Ian
On Oct 7, 2003, at 8:49 PM, Eichert, Diana wrote:
> Richard
>
> I'm on the way out the door for the day. I'll reply with more
> detail tomorrow. However for immediacy "expert" mode gives you
> annotated comments like "too many retries", "late replies", ...
> etc. Pretty graphics with conversation pairs functionality
> that etherape tries to duplicate.
>
> I'm not running the latest version of Ethereal here, it's at
> least a version from some time in the spring, so it's possible
> the developers have added some graphical representation
> capabilities that I'm not aware of. I seem to recall some
> traffic here about that.
>
> diana
>
> -----Original Message-----
> From: Richard Sharpe [mailto:rsharpe@xxxxxxxxxxxxxxxxx]
> Sent: Tuesday, October 07, 2003 6:22 PM
> To: Eichert, Diana
> Cc: ethereal-dev@xxxxxxxxxxxx
> Subject: What features does DS have that Ethereal lacks ..
>
>
> Thanks for the reply to the original question.
>
> What features does DS have that Ethereal lacks?
>
> Regards
> -----
> Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
> sharpe[at]ethereal.com, http://www.richardsharpe.com