Pcapsipdump was the tool I needed (this particular situation is pretty low traffic) but this has turned into an interesting discussion... On the subject of packet capture I've always been impressed with Luca's work on ntop, PF_RING, TNAPI, nprobe, etc: http://www.ntop.org/TNAPI.html While I haven't verified the numbers myself it is very interesting work that touches on a lot of technologies at practically every level of commodity hardware (from the C library to the CPU). On Wed, Jun 23, 2010 at 2:56 PM, Nicholas Sten <nicksten at gmail.com> wrote:
If you find yourself in that gray area where COTS hardware can't save the day anymore, but you're not looking to spend Empirix money, Endace makes some really good cards on which to develop your own very robust systems:
-N
-- Kristian Kielhofner http://www.astlinux.org http://blog.krisk.org http://www.star2star.com http://www.submityoursip.com http://www.voalte.com