Re: [Full-disclosure] Sniffing on 1GBps



Denis Jedig wrote:
There are some papers dealing with capturing and performance issues on
the net, some of them published by members of the Winpcap team:
http://www.winpcap.org/docs/iscc01-wpcap.pdf which share the basic
idea that filtering should not be done within the application but
either in the kernel or in the capturing device to reduce the number
of copy operations and thus the load on the capturing system.
You probably need to use a statefull load balancer in order to split the
traffic between different probes (or different load balancers with
probes behind) and get the opportunity to do real-time analysis
(parametric interception).

-naif

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/