Ethereal-users: RE: [Ethereal-users] Specs for monitoring full 100 Mb line

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Robert Casto" <robert@xxxxxxxxxxxxx>
Date: Tue, 4 Mar 2003 15:37:43 -0500
Thank you very much. This is more along the lines of what I was looking
for. I will have 2 cards, one to capture the data, the other to send to
another server for storage purposes. I am capturing only the headers of
various protocols and throwing the rest of the packets away. I might go
with a more expensive setup just to be sure since I definitely don't
want to lose any packets due to a slow computer.


Robert Casto 
Tel (513) 755-2221 
Cell (513) 349-5282 
robert@xxxxxxxxxxxxx 
http://www.cincijava.com


-----Original Message-----
From: Ronnie Sahlberg [mailto:ronnie_sahlberg@xxxxxxxxxxxxxx] 
Sent: Tuesday, March 04, 2003 3:35 PM
To: Robert Casto; ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Specs for monitoring full 100 Mb line


No need for highend/expensive stuff:
Try a single CPU linux box.
100Mbit/s full duplex is ~24MB/s in theoretical max throughput.

24MB/s => 2TB/day
Well it is not realistic to put a 2TB disk in a sniffer, but the link is
probably not 100% saturated in both directions all the time either.
Maybe something like 500GB of storage is enough?


So get a single CPU cheap Linux box (no need to waste money on a high end
CPU for such a low speed line as 100baseT) with 2 100baseT cards.
Get 2 250GB IDE disks and stripe them together.
Tweak the disks until you get maximum throughput when doing sequential
writes.
One modern IDE disk today can do 25MB/s easily. Two should be able to do
40-45MB/s, that puts us on the safe side if there are long bursts where
the link is saturated.


Hook up both 100BaseT interfaces so one captures the traffic in one
direction and the other in the other direction.
Run Linux and capture from the ANY interface.

That should do it.





----- Original Message -----
From: "Robert Casto"
Sent: Wednesday, March 05, 2003 3:26 AM
Subject: [Ethereal-users] Specs for monitoring full 100 Mb line


I am trying to get specs together for a machine that will be able to
capture all the packets going over a 100 Mb Ethernet line. I will be
logging all the data to drives and then nightly when the line is slow,
take the captures and run Ethereal on them.

How much machine will I need to keep up with a busy 100 Mb line? Single
processor at 3.06 GHz, dual CPU? 15k RPM SCSI drives? Is there anywhere
I can go to help me figure out how fast the machine has to be?

Robert Casto
Tel (513) 755-2221
Cell (513) 349-5282
robert@xxxxxxxxxxxxx
http://www.cincijava.com
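
The sizing estimate in the reply above, worked through as an added example that is not part of the original thread. It extends the 24MB/s figure to the headers-only capture mentioned in the follow-up; the 96-byte snapshot length and the function names are assumptions, and the file overhead is that of a classic pcap file (16-byte record header per packet).

```python
"""Capture-to-disk budget for a tapped full-duplex Ethernet link (added example)."""

WIRE_OVERHEAD = 20       # preamble 7 + start delimiter 1 + inter-frame gap 12 bytes
FCS_LEN = 4              # frame check sequence, normally not handed to the capture
PCAP_RECORD_HEADER = 16  # per-packet record header in a classic pcap file


def packets_per_second(link_bps, frame_len, directions=2):
    """Maximum frame rate when every frame is frame_len bytes (FCS included)."""
    return directions * link_bps / ((frame_len + WIRE_OVERHEAD) * 8)


def disk_rate(link_bps, frame_len, snaplen=None, directions=2):
    """Bytes per second written to the capture file with the link saturated."""
    captured = frame_len - FCS_LEN
    if snaplen is not None:
        captured = min(captured, snaplen)  # truncate each packet to the snapshot length
    pps = packets_per_second(link_bps, frame_len, directions)
    return pps * (PCAP_RECORD_HEADER + captured)


def bytes_per_day(rate, utilisation=1.0):
    """Storage needed for 24 hours at the given average link utilisation."""
    return rate * 86400 * utilisation


if __name__ == "__main__":
    LINK = 100e6   # 100 Mbit/s, both directions captured
    SNAPLEN = 96   # assumed headers-only snapshot length
    print("frame   pkts/s    full MB/s  hdr-only MB/s  full TB/day")
    for frame_len in (64, 512, 1518):
        full = disk_rate(LINK, frame_len)
        hdrs = disk_rate(LINK, frame_len, snaplen=SNAPLEN)
        print(f"{frame_len:5d} {packets_per_second(LINK, frame_len):9.0f}"
              f" {full / 1e6:10.2f} {hdrs / 1e6:14.2f}"
              f" {bytes_per_day(full) / 1e12:12.2f}")
```

With minimum-size frames the headers-only write rate equals the full-capture rate, so the box still has to be sized for the packet rate and not only for the byte count.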
