Comments on Errata Security: Wireshark "TurboCap"

Feed author: David Maynor. Feed updated 2024-01-16T05:48:33.523-05:00.

Robert Graham (https://www.blogger.com/profile/09879238874208877740), 2009-02-25T20:18:00.000-05:00:

Hmmm, I failed to make it clear. I believe that TurboCap PROBABLY works as advertised. It uses an Intel network chip similar to the one I used in BlackICE/Proventia, which has been able to capture, analyze, retransmit at 3-million-packets-per-second SUSTAINED for many years now.

WinPcap is very good, better than the AVERAGE Unix/BSD/Linux solution.

You do realize that as a libertarian, I am vehemently opposed to net-neutrality, and Vint Cerf's lobbying the government to regulate the Internet on behalf of large monopolies like Google. I have opposed Vint Cerf's leftist politics since the early 1990s.

Anonymous, 2009-02-25T19:38:00.000-05:00:

Rob - I agree that the only analyzers that come close to FDX 1 or even 10 Gig capture rates are the dedicated hardware ones. That is the reason that people have to learn how to focus on the packet flows that they need to review/troubleshoot - Filtered focus. You cannot swallow an iceberg whole, so you chip out what you need. Even the 1 Gig Sniffer could not handle the 3MPPS most of the time and when it could it was for a very short time.

However, for the money the TurboCap is quite good and has been tested to handle reasonable rates. Remember that ClearSight, Fluke and Wildpackets analyzers use the Wireshark capture and decode engine.

I enjoyed your disclosure on how to optimize capture rates as we did learn a lot at Sniffer. Try to come to Sharkfest 2009, at Stanford June 15-18 and get to mingle with the developers and see Harry and Len with some other impressive people like Larry Rogers and Stephen Stuart the main developer behind the new Google M-Lab, who works for Vint Cerf.

A good developer like you might be able to get the Wireshark community excited to use the methods we learned at NGC to make Wireshark better for the ~50 million+ people that have downloaded it. I was at NGC from 88 to 99. We started this industry. TimO