Ethereal-users: [Ethereal-users] Re: Specs for monitoring a full 100Mb line
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Berry, Richard" <BerryR@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 5 Mar 2003 08:58:31 -0600
Actually, there's a pretty good tool out there to do what you want: Shadow. We use it to do the captures using machines much like has been described; Using several data collectors, they feed their captures to a central server once an hour. We capture only the headers, but we keep a 4-day backlog. That way, if some problem shows up, we have historical data to review. We use the internal Shadow search, which gives us a TCPDUMP-style report, or we can extract out and use Ethereal. Alternately, if we need a full-packet capture, we temporarily take over the sensors, get our capture, drop it on our machines and use Ethereal to review. Richard Berry LAN Engineer - Principal "Si hoc legere scis numium eruditionis habes." -----Original Message----- From: ethereal-users-request@xxxxxxxxxxxx [mailto:ethereal-users-request@xxxxxxxxxxxx] Sent: Wednesday, March 05, 2003 8:12 AM To: ethereal-users@xxxxxxxxxxxx Subject: Ethereal-users digest, Vol 1 #1102 - 12 msgs Send Ethereal-users mailing list submissions to ethereal-users@xxxxxxxxxxxx To subscribe or unsubscribe via the World Wide Web, visit http://www.ethereal.com/mailman/listinfo/ethereal-users or, via email, send a message with subject or body 'help' to ethereal-users-request@xxxxxxxxxxxx You can reach the person managing the list at ethereal-users-admin@xxxxxxxxxxxx When replying, please edit your Subject line so it is more specific than "Re: Contents of Ethereal-users digest..." Today's Topics: 1. Re: RPM installation (Guy Harris) 2. Re: RPM installation (Guy Harris) 3. RE: Specs for monitoring full 100 Mb line (Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx) 4. RE: Specs for monitoring full 100 Mb line (Robert Casto) 5. Re: Specs for monitoring full 100 Mb line (Ronnie Sahlberg) 6. RE: Specs for monitoring full 100 Mb line (Robert Casto) 7. Re: Specs for monitoring full 100 Mb line (Ronnie Sahlberg) 8. RE: Specs for monitoring full 100 Mb line (Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx) 9. NCP Completion Codes (Magroglou, Andrew (Aus) - N Ryde) 10. Re: Specs for monitoring full 100 Mb line (andreas.sikkema@xxxxxxxxxxx) 11. RE: NCP Completion Codes (BERGWEILER,CHRISTIAN (HP-Netherlands,ex1)) 12. RE: Specs for monitoring full 100 Mb line (Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx) --__--__-- Message: 1 Date: Tue, 4 Mar 2003 10:29:20 -0800 From: Guy Harris <guy@xxxxxxxxxx> To: "David Fay (LMI)" <David.Fay@xxxxxxxxxxxxxxx> Cc: "'Richard Urwin'" <RUrwin@xxxxxxxxxxxxxx>, "'ethereal-users@xxxxxxxxxxxx'" <ethereal-users@xxxxxxxxxxxx> Subject: Re: [Ethereal-users] RPM installation On Tue, Mar 04, 2003 at 03:57:42PM +0100, David Fay (LMI) wrote: > I don't have the configure command on my PC. It's not a system command, it's a command (shell script, actually) in the source directory of Ethereal (and of many other UNIX programs). So, from the top-level directory, run ./configure --__--__-- Message: 2 Date: Tue, 4 Mar 2003 10:30:38 -0800 From: Guy Harris <guy@xxxxxxxxxx> To: Richard Urwin <RUrwin@xxxxxxxxxxxxxx> Cc: "'David Fay (LMI)'" <David.Fay@xxxxxxxxxxxxxxx>, "'ethereal-users@xxxxxxxxxxxx'" <ethereal-users@xxxxxxxxxxxx> Subject: Re: [Ethereal-users] RPM installation On Tue, Mar 04, 2003 at 03:26:11PM -0000, Richard Urwin wrote: > It's in the top level of the source directory that you downloaded. It > uses "autoconf" in some manner I haven't yet looked into. But you > don't need to know how it works. You probably need autoconf installed > on your machine. Only if you're using the current CVS version of Ethereal, as the configure script is built by autoconf from configure.in, and is not part of the CVS tree. If you've downloaded a standard source release of Ethereal, you don't need autoconf (unless you'll be changing configure.in, acinclude.m4, etc.). --__--__-- Message: 3 From: Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx To: robert@xxxxxxxxxxxxx Cc: ethereal-users@xxxxxxxxxxxx Subject: RE: [Ethereal-users] Specs for monitoring full 100 Mb line Date: Tue, 4 Mar 2003 19:36:53 -0000 Robert, > -----Original Message----- > From: Robert Casto [mailto:robert@xxxxxxxxxxxxx] > I am trying to get specs together for a machine that will be > able to capture all the packets going over a 100 Mb Ethernet > line. I will be logging all the data to drives and then > nightly when the line is slow, take the captures and run > Ethereal on them. This was discussion about this very recently with the subject line "Three Big Problems" your question was pretty much problem #3 http://www.ethereal.com/lists/ethereal-users/200210/msg00220.html But the time the conversation ended Justin was still in thinking mode but with great things planned. I wonder how he got on. Justin ... ? Alistair ----------------------------------------------------------------------- Registered Office: Marks & Spencer p.l.c Michael House, Baker Street, London, W1U 8EP Registered No. 214436 in England and Wales. Telephone (020) 7935 4422 Facsimile (020) 7487 2670 www.marksandspencer.com Please note that electronic mail may be monitored. This e-mail is confidential. If you received it by mistake, please let us know and then delete it from your system; you should not copy, disclose, or distribute its contents to anyone nor act in reliance on this e-mail, as this is prohibited and may be unlawful. The registered office of Marks and Spencer Financial Services PLC, Marks and Spencer Unit Trust Management Limited, Marks and Spencer Life Assurance Limited and Marks and Spencer Savings and Investments Limited is Kings Meadow, Chester, CH99 9FB. --__--__-- Message: 4 From: "Robert Casto" <robert@xxxxxxxxxxxxx> To: <Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx> Cc: <ethereal-users@xxxxxxxxxxxx> Subject: RE: [Ethereal-users] Specs for monitoring full 100 Mb line Date: Tue, 4 Mar 2003 14:38:01 -0500 Thanks very much. I will check out the discussion. Robert Casto=20 Tel (513) 755-2221=20 Cell (513) 349-5282=20 robert@xxxxxxxxxxxxx=20 http://www.cincijava.com -----Original Message----- From: Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx [mailto:Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx]=20 Sent: Tuesday, March 04, 2003 2:37 PM To: robert@xxxxxxxxxxxxx Cc: ethereal-users@xxxxxxxxxxxx Subject: RE: [Ethereal-users] Specs for monitoring full 100 Mb line Robert, > -----Original Message----- > From: Robert Casto [mailto:robert@xxxxxxxxxxxxx]=20 > I am trying to get specs together for a machine that will be=20 able > to capture all the packets going over a 100 Mb Ethernet=20 line. I > will be logging all the data to drives and then=20 nightly when the > line is slow, take the captures and run=20 Ethereal on them. This was discussion about this very recently with the subject line "Three Big Problems" your question was pretty much problem #3 http://www.ethereal.com/lists/ethereal-users/200210/msg00220.html But the time the conversation ended Justin was still in thinking mode but with great things planned. I wonder how he got on.=20 Justin ... ? Alistair ----------------------------------------------------------------------- Registered Office: Marks & Spencer p.l.c Michael House, Baker Street, London, W1U 8EP Registered No. 214436 in England and Wales. Telephone (020) 7935 4422=20 Facsimile (020) 7487 2670 www.marksandspencer.com Please note that electronic mail may be monitored. This e-mail is confidential. If you received it by mistake, please let us know and then delete it from your system; you should not copy, disclose, or distribute its contents to anyone nor act in reliance on this e-mail, as this is prohibited and may be unlawful. The registered office of Marks and Spencer Financial Services PLC, Marks and Spencer Unit Trust Management Limited, Marks and Spencer Life Assurance Limited and Marks and Spencer Savings and Investments Limited is Kings Meadow, Chester, CH99 9FB. I am trying to get specs together for a machine that will be able to capture all the packets going over a 100 Mb Ethernet line. I will be logging all the data to drives and then nightly when the line is slow, take the captures and run Ethereal on them. How much machine will I need to keep up with a busy 100 Mb line? Single processor at 3.06 GHz, dual CPU? 15k RPM SCSI drives? Is there anywhere I can go to help me figure out how fast the machine has to be? Robert Casto Tel (513) 755-2221 Cell (513) 349-5282 robert@xxxxxxxxxxxxx http://www.cincijava.com
- Prev by Date: Re: [Ethereal-users] Decoding SSH sessions
- Next by Date: RE: [Ethereal-users] Re: Specs for monitoring a full 100Mb line
- Previous by thread: Re: [Ethereal-users] Decoding SSH sessions
- Next by thread: RE: [Ethereal-users] Re: Specs for monitoring a full 100Mb line
- Index(es):