We have a long term application performance problem. We need to get a packet capture of when the application misbehaves. Pretty standard stuff. Due to a lot of factors, we anticipate running the capture continously for a few months. (We don't need to store this stuff more than 4 days). Running windows boxes, with wireshark configured with a ring buffer usually gets the job done, but requires quite a bit of care and feeding. (checking it's running, didn't crash, windows didn't do a windows update, etc..) Inexpensive being a relative term, are there any packet capture appliances that people have used with great success? We have about 10 devices, spread across 4 closets. (Some have one device we're interested in, most have two devices). We're only looking at 100Mbit copper connections, pretty low data rates. asked 22 Dec '15, 13:20  Mpking |
2 Answers:
I suggest you to have a look at this similar question: https://ask.wireshark.org/questions/47868/looking-on-recommendationsbest-practices-on-ws-deployment-at-large-data-centers?page=1&focusedAnswerId=47877#47877 answered 23 Dec '15, 11:59  Christian_R |
I suggest use of OpenWrt here so often that I am afraid of getting a ban for that :-) It is a linux distribution for devices with small flash memory, typically home routers, and if you choose a hardware which is equipped with USB ports, you can connect an external disk to it. OpenWrt never checks for updates or automatically reboots, so you may run tcpdump in circular mode forever on it (or at least until the disk gets worn). I suppose you capture on monitoring ports of switches in your closets already now, so you do not need to push the captured traffic through the capturing box. If this is your intention, you would need a setup with independent network cards you could set up as a software bridge together, and the total volume of traffic may be important too, with regard to the available CPU power needed for the software bridging. Both these requirements would push you towards a PC hardware, i.e. losing the advantage of small mechanical footprint and power consumption, but keeping the software advantages of OpenWrt. Use of USB network adaptors is not a good idea for the purpose. If we stay with the plastic boxes, by experience the weakest part of the chain are the external switching power adaptors, so you can feel safe during first year of operation if there is not above 30 °C in the closets and if you power the external disk by its own adaptor, not from the USB. You can extend that period by replacing the adaptors delivered with the router and disk by ones with 1.5 - 2 times higher current rating, as these won't run at their limit 24/7 and thus they will not kill themselves by heat production so quickly. answered 23 Dec '15, 03:25  sindy Thanks, but I was looking for a more an off the shelf solution, as opposed to rolling my own hardware. (06 Jan '16, 06:20) Mpking |
Christian_R, can you post that as an answer? That was exactly what I was looking for, and will mark it as the "answer" if you post it.
@Mpking : No problem. I have done it.