Hi All,
I was following the discussion on sniffing 1GigE ports and thought
there might be some interest in seeing how Wireshark can be used with
sFlow monitoring, implemented in Ethernet switch hardware, to capture
packets from high speed links:
http://blog.sflow.com/2011/11/wireshark.html
sFlow is a packet sampling technology, so there are limitations to the
type of protocol following you can do in Wireshark. However, there are
offsetting benefits. If you don't know which links to tap to solve a
problem you can use sFlow to cast a wide net and capture packets from
hundreds, or even thousands of links simultaneously. Using sFlow also
lets you easily monitor 1, 10, 40 and 100GigE ports without
overwhelming Wireshark.
Cheers,
Peter