From owner-freebsd-security Tue Oct 8 14:30: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A238337B401 for ; Tue, 8 Oct 2002 14:30:03 -0700 (PDT) Received: from smtpout.mac.com (smtpout.mac.com [204.179.120.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4D22643E3B for ; Tue, 8 Oct 2002 14:30:03 -0700 (PDT) (envelope-from cswiger@mac.com) Received: from asmtp01.mac.com (asmtp01-qfe3 [10.13.10.65]) by smtpout.mac.com (Xserve/MantshX 2.0) with ESMTP id g98LU3O2004754 for ; Tue, 8 Oct 2002 14:30:03 -0700 (PDT) Received: from bust ([12.38.161.88]) by asmtp01.mac.com (Netscape Messaging Server 4.15) with ESMTP id H3OME200.GVM for ; Tue, 8 Oct 2002 14:30:02 -0700 Date: Tue, 8 Oct 2002 17:30:00 -0400 Subject: Re: Sniffer nic Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v482) From: Chuck Swiger To: freebsd-security@FreeBSD.ORG Content-Transfer-Encoding: 7bit In-Reply-To: <20021008205801.M19596@babayaga.neotext.ca> Message-Id: <19A537BF-DB05-11D6-9582-000A27D85A7E@mac.com> X-Mailer: Apple Mail (2.482) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tuesday, October 8, 2002, at 04:58 PM, Duncan Patton a Campbell is Dhu wrote: > Hmm. I don't know anything about the cards mentioned here > or the application you are putting the sniffer to, but you > should consider whether you need to look outside the usual sense > window for the card -- iff you are looking for network layer > virii or other out-band transmissions. Most people don't pay attention to low-level stuff like ARP/RARP, ICMP redirects, source routing, and so forth-- you're right. However, when packet sniffing, you generally run the network interface in promiscuous mode so that it pays attention to all of the traffic going by on the wire. Someone sending raw 802.3 frames (rather than frames encapsulating IP packets) is still sending packets of data that a sniffer will see. On Tuesday, October 8, 2002, at 05:21 PM, twig les wrote: > What kind of performance increase will I see with a > 64-bit 100BT nic vs the same card running in a 32-bit > slot? I'm tryig to figure out if it's worth the extra > $30 before I tell my boss to get it (well...ask him). A normal 32-bit PCI bus gives you 133 Mb/s of bandwidth, which is enough to saturate a 10/100 card. Of course, if you're doing other things on the machine at the same time, it's nice to put your NIC and other devices on different PCI busses, so there will be some advantage to using the 64-bit PCI slot anyway. A 64-bit slot would be better suited for a 10/100/1000 gigabit ethernet card, or for something like a fast SCSI-3 (Ultra-160) card.... -Chuck Chuck Swiger | chuck@codefab.com | All your packets are belong to us. -------------+-------------------+----------------------------------- "The human race's favorite method for being in control of the facts is to ignore them." -Celia Green To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message