This is my two cents.

- Two 100GB packet capture NIC cards to allow packet captures in full duplex at port speed. Two are needed to capture at the port speed of each receive. The capture NIC card is engineered for capturing at port speed. A standard NIC is good for about 70% before it starts dropping packets.
- RAID or similar technology with terabytes of high-speed SSDs or hard drives. You must be able to recover if 1-2 drives fail. The size will depend on how much needs to be stored. A hardware filter (before the capture buffer) and slicing will help. Ten seconds of 100G traffic is a lot of data.
- Software. I am not sure which packet capture software is best. You can try dumpcap or tcpdump first to see if it works. Most software either saves the capture files in pcap or the files can be converted to pcap format.
- Post packet analysis. Wireshark is probably one of the best packet analysis software.
- The last option is purchasing a packet sniffer that is designed for 100G captures at port speed.
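To put numbers on the storage and slicing points in the answer above, here is an added sizing sketch; it is not part of the original answer. It assumes classic pcap records (16-byte per-packet header), a NIC that strips the FCS, and constructed packet-size mixes; the function names and the 128-byte snap length are illustrative.

```python
# Added example: storage sizing for a full-duplex capture (assumptions labelled).
PCAP_RECORD_HEADER = 16  # classic pcap per-packet header (timestamp + two lengths)
WIRE_OVERHEAD = 20       # preamble/SFD (8) + inter-frame gap (12): on the wire, never stored
FCS = 4                  # assumption: the NIC strips the frame check sequence

def packets_per_second(link_bps, mix, utilization=1.0):
    """mix maps Ethernet frame length (bytes, incl. FCS) -> fraction of packets."""
    avg_wire_bits = sum(frac * (length + WIRE_OVERHEAD) * 8
                        for length, frac in mix.items())
    return link_bps * utilization / avg_wire_bits

def stored_bytes_per_packet(mix, snaplen=None):
    """Average bytes written per packet, after optional slicing to snaplen."""
    total = 0.0
    for length, frac in mix.items():
        captured = length - FCS
        if snaplen is not None:
            captured = min(captured, snaplen)  # slicing keeps only the first bytes
        total += frac * (PCAP_RECORD_HEADER + captured)
    return total

def capture_bytes(link_bps, mix, seconds, snaplen=None, directions=2,
                  utilization=1.0):
    """Bytes written to disk; directions=2 covers both sides of a full-duplex link."""
    if abs(sum(mix.values()) - 1.0) > 1e-9:
        raise ValueError("packet mix fractions must sum to 1")
    pps = packets_per_second(link_bps, mix, utilization)
    return pps * stored_bytes_per_packet(mix, snaplen) * seconds * directions

if __name__ == "__main__":
    LINK_BPS = 100e9  # 100G port speed
    # Constructed traffic mixes, for illustration only.
    mixes = {
        "all 64-byte frames": {64: 1.0},
        "mixed (constructed)": {64: 0.4, 576: 0.2, 1518: 0.4},
        "all 1518-byte frames": {1518: 1.0},
    }
    for name, mix in mixes.items():
        mpps = packets_per_second(LINK_BPS, mix) / 1e6
        for snaplen in (None, 128):
            gb = capture_bytes(LINK_BPS, mix, seconds=10, snaplen=snaplen) / 1e9
            label = "full packets" if snaplen is None else f"snaplen {snaplen}"
            print(f"{name:22s} {mpps:7.1f} Mpps/dir  {label:13s} "
                  f"{gb:7.1f} GB per 10 s, {gb / 10:5.1f} GB/s sustained write")
```

The sustained-write column is what the RAID array has to absorb; slicing shrinks the bytes stored but not the packet rate the capture cards must handle.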