Is it possible to capture on bundled ports accurately,capturing 4 gb on 1 bg interface looks not feasible but still how? asked 05 Jul '13, 02:25  kishan pandey |
One Answer:
It depends where you want to capture. If you want to capture on a switch, you will have a hard time, because it does not make sense to mirror 4 ports to only one capturing port, as the capturing link can be flooded in case of massive traffic. You can however use a capturing system with 4 interfaces and mirror each of the aggregated (etherchannel) ports to one mirror/monitoring port. If you want to capture on the system that is directly connected to the switch with four adapters (aggregated by the driver - sometimes called adapter teaming), you can try to capture on the aggregated virtual device that will be provided by the driver (run Regards answered 22 Jul '13, 15:38  Kurt Knochner ♦ |
