Ethereal-users: Re: [Ethereal-users] Distributed sniffing

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "John J. LeMay Jr." <jlemay@xxxxxxxx>
Date: Mon, 5 Mar 2001 18:10:37 -0500
** Reply to message from mheroux@xxxxxxx on Mon, 05 Mar 2001 11:20:36 -0500


> I would like to install Linux on a PC with a couple of 100Mbs NIC cards, 4
> for now, and one 10Mbs card for management purposes.
> Connect that PC on 4 Cisco 4000 switches.
> The Goal of this is to allow multiple users to sniff multiple servers at
> the same time.

This shouldn't be a problem, depending on what you are trying to sniff. If you
mirror a single port to the port connected to the Ethereal terminal, you should
be able to see most of the traffic that flows across the port. However, if the
monitored port is heavily utilized, there will be loss. The only way to achieve
an ALMOST complete capture on a heavily utilized port is to use a larger port
(i.e. 1000 Mbit/s vs 100 Mbit/s) to capture all of the traffic, or to use an
inline analyzer such as those from WWG. (VERY expensive)
 
> Will Ethereal be able to handle multiple simultaneous sessions?

Yes, you will tell Ethereal which interface to listen to.

> Will I lose some packets if the PC is heavily utilized ?

Absolutely. There is no way to guarantee a 100% complete capture, especially on
a heavily utilized port.

> Should I use Linux on a PC or should I look at a Sun workstation or whatever
> platform?

Makes no difference. Any PC with a CPU running at 300 MHz or better should be
able to handle the 400 Mbit/s max incoming traffic.

> Right now, money is not an issue and I am looking for a feasible and
> flexible solution.

Money is always an option. If it truly is not, however, check out the inline
analyzers from WWG along with the new Sniffer software from NAI for a real nice
solution. Sniffer still has many more decodes and features. It makes a nice
complement to whatever one is currently using whether that is Ethereal, snoop,
or some other package.

John LeMay Jr.
Senior Enterprise Consultant
NJMC, LLC.


[tag] Make it idiot proof and someone will make a better idiot.