Has anyone had problems with using current Intel quad ethernet cards for packet capture? As a proof-of-concept test we bought an Intel PWLA8494GT and hooked it up to some Network Critical taps. There was a very strange issue with corruption of the captured packets. The *only* issue (but it's a big one) is that the source IP on some captured packets is munged. As far as I can tell that's the *only* issue with the packet captures - no other data is corrupted.
Oh, and to rule out other issues:
1. Corruption seen both when using network taps and when using a port span/mirror (so it's not the taps). 2. Corruption *not* seen using the on-board broadcom nics of the test host (so it's not the box).
So I'm pretty sure we narrowed it down to the card. We tried the card in an indentical host and saw the same problems.
I thought it might be a driver issue - I tried both gentoo and FreeBSD (not sure how different the drivers are) just to see if it mattered at all and it didn't. Much googling didn't show this to be a known issue - just wondering if anyone else has seen it? Other recommendations welcome - the next step is, I suppose, a broadcom-based PCI-X card. (I've got some old pizza boxes I'm trying to repurpose as network probes.)
Thanks, John Does this device provide 4 unique mac-addresses ? Reason for
Yea cards are default for separate physicals MACs, since they are supported by individual net chips. The only time one would see a "logical" Mac, is when the ports are trunked, and this is driven by software. Jay Murphy IP Network Specialist NM Department of Health ITSD - IP Network Operations Santa Fe, New Mexico 87502 Bus. Ph.: 505.827.2851 "We move the information that moves your world." -----Original Message----- From: Mr. James W. Laferriere [mailto:babydr@baby-dragons.com] Sent: Monday, February 16, 2009 11:39 AM To: John A. Kilpatrick Cc: nanog@nanog.org Subject: Re: Capture problems with Intel quad cards? Hello John , On Sun, 15 Feb 2009, John A. Kilpatrick wrote: the question is some old(I mean old) multiport cards presented a single mac-address because the were driven by a single 'Switch chip' . Just a thought . I've been looking a the Intel site gandering over the overview & have not seen anything to relieve my concern . But one Hopes they have learned not to create themselves such a problem . Hth , JimL -- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network&System Engineer | 2133 McCullam Ave | Give me Linux | | babydr@baby-dragons.com | Fairbanks, AK. 99701 | only on AXP | +------------------------------------------------------------------+ ______________________________________________________________________ This inbound email has been scanned by the MessageLabs Email Security System. ______________________________________________________________________ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.