Hi John, You might want to check out www.opencalea.org. We have just released opencalea-lite which is a complete re-write of the original opencalea software. OpenCalea-lite is a much better and cleaner re-write(we learnt from our mistakes in the previous releases). One of the problems of the original version was that we were getting bogged down in details over the precise standard format instead of making the core more stable. OpenCalea-lite takes a step back form this and aims at doing well the essense of what packet taps should be able to. It has a nice clean tap/controller/collector architecture which is much more robust. Taps will register with the controller irrespective of which is started first. Process control has also been improved. Starting and stopping taps is handled in a much cleaner way. In addtion TCP streams are used to transfer data. We were about to send out an announcement regarding opencalea-lite on the opencalea@merit.edu mailing list. Aside from calea requirements opencalea-lite is actually a fairly good platform for running remote-taps in your network. -manish
Message: 4 Date: Tue, 29 Jul 2008 16:10:09 -0700 (PDT) From: "John A. Kilpatrick" <john@hypergeek.net> Subject: Hardware capture platforms To: nanog@merit.edu Message-ID: <20080729155511.R42026@iama.hypergeek.net> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
We've deployed a bunch taps in our network and now we need a platform on which to capture the data. Our bandwidth is currently pretty low but I've got 8 links to tap, which means I need 16 ports. Has anyone done any research on doing accurate packet capture with commodity hardware?
-- John A. Kilpatrick john@hypergeek.net Email| http://www.hypergeek.net/ john-page@hypergeek.net Text pages| ICQ: 19147504 remember: no obstacles/only challenges