Diana Eichert wrote:
> On Wed, 6 May 2009, openbsd misc wrote:
>
>> On Wed, May 6, 2009 at 3:42 PM, Diana Eichert <deich...@wrench.com>
>> wrote:
>>
>>> We use physical taps at work, when I get the chance I'll take a look at
>>> the vendor.
>>>
>>> Also, you really think you can capture 10GE? Chuckle, good luck.

Pretty hard, but doable with special hardware according to some people
(e.g. not me, not my toys, just forwarding what I read about/know....)

DAG cards come to mind:
http://www.endace.com/dag-network-monitoring-cards.html
which you can stick into most hosts, they sell various 10GE adapters and
claim it can do 10GE too. Linux/Windows/FreeBSD drivers available, thus
should not be too hard I guess to make an OpenBSD driver (that is
depending on documentation available etc...)

They claim to be able to even do 40Gbps:
http://www.endace.com/guaranteed-packet-capture.html
8<----------------------------------------------------------------
This foundation is totally agnostic, supporting Ethernet and
Packet-Over-SONET (PoS), IP and InfiniBand, guaranteeing packet capture,
regardless of packet rate and size, at interface speeds up to 40Gbps.
---------------------------------------------------------------->8

And I know for a fact that IBM ISS has a DPI thing which can do
40Gbps++, that is including up to Level 7 analysis... it just depends on
what kind of hardware one throws at it ;)

Greets,
 Jeroen

(long live IPSEC :)