On May 2, 2008, at 17:46, Guy Harris wrote:
Laurent Chouinard wrote:
So I ask: Is there any hardware product whose sole purpose is to receive
an ethernet cable and record everything internally? I would leave that
device for a few days, then collect it, extract the data, and run my
analysis through Wireshark.

There are, I think, a number of companies that sell devices such as
that, e.g. Solera (found by going to the "Sharkfest '08" page from the
Wireshark home page, and looking at the list of Sharkfest sponsors):
http://www.soleranetworks.com/products/capture-appliances.php
and NetScout, as mentioned in another reply:
http://www.netscout.com/products/infinistream.asp
and (if I'm correctly interpreting what the devices do) Network
Instruments:
http://www.networkinstruments.com/products/gigabit/GigaStorProbe.html
and NetQoS:
http://www.netqos.com/solutions/gigastor/index.html
and so on - see the list of vendors of "network monitoring and
management software and appliances" at
http://blog.opusinteractive.com/industry/interop-07-lots-of-opportunities/
I don't know how much those devices cost, though.

I looked at the above but aside from price, there was the issue that
they're whoppers in terms of size and not something that one could
conveniently lug from client to client if one is an itinerant
consultant (not without awkward boxes and questions from the cops
especially if one is using the New York City subway as transport,
anyway). Just then, a brainwave hit (okay, maybe a larger than
normal brainswell): Why not use a Mac Mini? Just the right size and
price. Compact and portable. Has either an 80GB or 120GB hard drive
with the possibility of attaching external storage via Firewire1.0 or
USB2.0. Comes in protective packaging that resembles a child's
1950s/1960s lunchbox. The new models have gigabit NICs as well as
802.11b/g/n. Seemingly perfect for the job of pure packet capture once
Wireshark is compiled and installed on them and they're set to not go
to sleep on idle while Wireshark is running in capture mode. Any
thoughts?
I know that Laura Chappell mentioned in Sharkfest 2008 the need for
special tools for gigabit packet capture and that gigabit NICs won't
work (I'm a newbie to gigabit packet capture so I'm not clear about
the details since Ms. Chappell made cheetahs look like turtles during
Sharkfest--can someone enlighten me as to why a single gigabit NIC
will not work for full-duplex gigabit packet capture? Does it have
to do with it being lossy due to the speed of the NIC overwhelming
the speed of the data bus on most computers?)
--
Reality Artisans, Inc. # Network Wrangling and Delousing
P.O. Box 565, Gracie Station # Apple Certified Help Desk Specialist
New York, NY 10028-0019 # Apple Consultants Network member
<http://www.realityartisans.com> # Apple Developer Connection member
(212) 369-4876 (Voice) # (212) 860-4325 (Fax)