Re: [Full-disclosure] Sniffing on 1GBps

Denis Jedig wrote:
There are some papers dealing with capturing and performance issues on
the net, some of them published by members of the Winpcap team: which share the basic
idea that filtering should not be done within the application but
either in the kernel or in the capturing device to reduce the number
of copy operations and thus the load on the capturing system.
You probably need to use a statefull load balancer in order to split the
traffic between different probes (or different load balancers with
probes behind) and get the opportunity to do real-time analysis
(parametric interception).


Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -