David Meagher wrote:
Hi,
I've been tasked with spec'ing a capture analysis machine.
It will be used to do analysis of multiple 500 MB captures.
Can someone suggest a spec for a desktop PC to view these on?
Is RAM more of an issue than CPU, or perhaps a SATA/RAID storage?
Hi David,
You might want to take another look at this problem. I've loved using
Ethereal for about 7 years, but sometimes it's not the right tool for
the job. This is especially true when large traces are involved.
I wrote the article "Structured Traffic Analysis" to address how I
analyze traces:
http://www.insecuremagazine.com/INSECURE-Mag-4.pdf
The idea behind STA is to discover traffic of interest without taking
a packet-by-packet approach. Once you use other data to identify
specific packets you want to inspect, then you load a subset of that
traffic into Ethereal/Wireshark.
I never, ever load large traces into Ethereal/Wireshark. That allows
me to analyze just about anything that truly matters on my PIII 750
MHz / 512 MB RAM laptop.
Sincerely,
Richard
http://www.taosecurity.com
PS: I do plan to finally upgrade the laptop this year. I still won't
load large traces, though. :)
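
An added example, not part of the original message and not code from the STA article: one way to follow the "summarize first, then load a subset" workflow described above, streaming a trace one packet at a time. It assumes a little-endian classic pcap file (not pcapng) with Ethernet/IPv4 frames; the function names and the sample trace are constructed for illustration.

```python
import socket, struct
from collections import Counter
GLOBAL = struct.Struct("<IHHiIII")  # classic pcap file header, little-endian
RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len

def read_header(stream):
    hdr = stream.read(GLOBAL.size)
    if len(hdr) < GLOBAL.size or GLOBAL.unpack(hdr)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    return hdr

def records(stream):
    """Yield (record_header, frame) one packet at a time, never the whole file."""
    while len(rec := stream.read(RECORD.size)) == RECORD.size:
        frame = stream.read(RECORD.unpack(rec)[2])
        if len(frame) == RECORD.unpack(rec)[2]:  # drop a truncated last record
            yield rec, frame

def host_pair(frame):  # sorted (ip, ip) for an Ethernet/IPv4 frame, else None
    if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
        return tuple(sorted(map(socket.inet_ntoa, (frame[26:30], frame[30:34]))))

def summarize(stream):
    """Step 1: bytes per host pair, with no packet-by-packet inspection."""
    read_header(stream)
    totals = Counter()
    for _, frame in records(stream):
        if (pair := host_pair(frame)):
            totals[pair] += len(frame)
    return totals

def extract(src, dst, hosts):
    """Step 2: copy only the chosen pair's packets into a small pcap."""
    dst.write(read_header(src))
    wanted, kept = tuple(sorted(hosts)), 0
    for rec, frame in records(src):
        if host_pair(frame) == wanted:
            dst.write(rec + frame)
            kept += 1
    return kept

def sample_capture():  # constructed five-packet trace, documentation addresses
    a, b, c = "192.0.2.10", "198.51.100.5", "192.0.2.20"
    out = GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (s, d, n) in enumerate([(a, b, 1000), (b, a, 40), (a, c, 100), (a, b, 500), (c, a, 60)]):
        ip = struct.pack("!BxH8x4s4s", 0x45, 20 + n, socket.inet_aton(s), socket.inet_aton(d))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * n
        out += RECORD.pack(i, 0, len(frame), len(frame)) + frame
    return out
```

Run `summarize()` on a capture opened in binary mode, pick the host pair worth a closer look, then write it out with `extract()` and open only that small file in Ethereal/Wireshark.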