lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun Jun 18 14:13:35 2006 From: seclists at syneticon.de (Denis Jedig) Subject: Sniffing on 1GBps crazy frog crazy frog wrote: > I m just wondering if it is possible to capture the data from a > highspeed NIC card?if it is possible then wht kind of precaution we > have to take so that we does not miss the data? If you want to do this transparently without changing the system tapped, this is typically achieved with the use of dedicated probes which get hooked in between the system and e.g. the switch. The probes are typically equipped with buffer memory and have two output channels to be able to cope up with full duplex operation in real time. Google will help you to find manufacturers: http://www.google.de/search?q=gigabit+ethernet+probe There are some papers dealing with capturing and performance issues on the net, some of them published by members of the Winpcap team: http://www.winpcap.org/docs/iscc01-wpcap.pdf which share the basic idea that filtering should not be done within the application but either in the kernel or in the capturing device to reduce the number of copy operations and thus the load on the capturing system. Denis
Powered by blists - more mailing lists