On Mon, Dec 21, 2015 at 04:17:26PM +0000, Gray, Mark D wrote:
> Is tcpdump used in large production cloud environments? I would have
> thought other less intrusive (and less manual) tools would be used? Isn't
> that one of the benefits of SDN.

tcpdump, tshark, wireshark, libpcap, etc. have been used every single place I ever worked, including in production under heavy load. This is because nobody wants to redo the library of many tens of thousands of hours of protocol dissectors. This is also why I am trying to point out what is required to get a solution that I am confident will really work when people are counting on it, which I am concerned the current proposals do not cover.

Matthew.