Wireshark-users: [Wireshark-users] Wireshark & monitoring in the enterprise environment
In my opinion, I think you've written a well documented introduction for 
anyone looking to monitor Financial Trading (or similar) Data.  It gives a 
very nice and simple methodology to get a 'general feel' for the traffic 
passing over the network. 
One caveat I'd add with regards to monitoring Financial Trading activity 
(and I'm happy if anyone can explain any different), is that this is good 
for a general network data analysis.  For high-frequency algo-type trading 
activity, wireshark seems to have found its limitation (at least for the 
moment). 
The granularity of the wireshark I/O is at a minimum of 0.001sec (1 
millisecond).  In high-frequency trading we are now monitoring at the depths 
of microseconds (0.000001 sec) as opposed to milliseconds.  There are two 
problems as a consequence:
1) The NIC used for 'monitoring' is unable to poll at these levels (CACE's 
TurboCap only provides 3-5 microsecond granularity, and this is a 
'specialized' monitoring card)
2) Wireshark does provide microsecond timestamps for the data, but the 
accuracy of the data is questionable, dependent on the hardware used and 
other processes occurring at the time on the monitoring system. 
Please don't get me wrong.  I think wireshark is a fantastic network 
analysis tool and a lot of good work has been done by the authors and the 
community to make it the great piece of software it is today.  Just to point 
out that I think you should indicate there is a limitation to the analysis 
of data that can be captured. 
I only say this purely due to the fact the document has been written analysing 
Financial Trading traffic. 
Regards,
Mario 
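The granularity point above can be made concrete with a small script. This is an added example, not code from the thread or from the Wireshark project: it takes pcap-style (ts_sec, ts_usec) record timestamps (constructed here, not from a real capture) and histograms them the way an I/O graph does, once at Wireshark's 1 ms minimum interval and once at 10 us, to show how a microsecond-scale burst collapses into a single bar and how far the implied peak rate is understated. All timestamps are kept as integer microseconds to avoid floating-point rounding at epoch magnitudes.

```python
from collections import Counter

# Constructed pcap-style (ts_sec, ts_usec) timestamps; not from a real capture.
# Five quote updates spread over ~40 us inside one millisecond, then two
# isolated packets. In a 1 ms I/O graph the burst is a single bar of height 5.
SAMPLE_RECORDS = [
    (1234116636, 120),
    (1234116636, 128),
    (1234116636, 133),
    (1234116636, 141),
    (1234116636, 160),
    (1234116636, 2500),
    (1234116636, 7000),
]

def to_micros(records):
    """Convert (ts_sec, ts_usec) pairs to integer microseconds since the epoch."""
    return [sec * 1_000_000 + usec for sec, usec in records]

def bin_counts(micros, bin_width_us):
    """I/O-graph style histogram: sorted list of (bin_start_us, packets_in_bin)."""
    counts = Counter(t - t % bin_width_us for t in micros)
    return sorted(counts.items())

def peak_rate_pps(micros, bin_width_us):
    """Packets per second implied by the busiest bin at this interval width."""
    busiest = max(count for _, count in bin_counts(micros, bin_width_us))
    return busiest * 1_000_000 / bin_width_us

def gaps_us(micros):
    """Inter-arrival gaps in microseconds, in arrival order."""
    ordered = sorted(micros)
    return [later - earlier for earlier, later in zip(ordered, ordered[1:])]

def sub_ms_gap_fraction(micros):
    """Share of gaps below 1 ms: anything here is invisible at a 1 ms interval."""
    gaps = gaps_us(micros)
    return sum(1 for g in gaps if g < 1000) / len(gaps)

if __name__ == "__main__":
    m = to_micros(SAMPLE_RECORDS)
    for width in (1000, 10):  # 1 ms (Wireshark's floor) versus 10 us
        print(f"{width:>5} us bins: {bin_counts(m, width)}")
        print(f"          peak rate: {peak_rate_pps(m, width):.0f} pps")
    print(f"min gap: {min(gaps_us(m))} us, "
          f"sub-ms gaps: {sub_ms_gap_fraction(m):.0%}")
```

At 1 ms the burst reads as 5,000 packets/s; at 10 us the same data shows a 200,000 packets/s peak, which is the kind of detail Mario's point is about.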
---------------------------------------------------------------------- 
Message: 1
Date: Sun, 08 Feb 2009 20:30:36 +0100
From: Martin Sustrik <sustrik@xxxxxxxxxx>
Subject: [Wireshark-users] Wireshark & monitoring in the enterprise environment
To: wireshark-users@xxxxxxxxxxxxx
Message-ID: <498F32DC.8070604@xxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed 
Hi all, 
I've written an article about monitoring business data, things like
"invoices" or "stock quotes", using Wireshark: 
http://www.zeromq.org/code:traffic-monitoring 
If there's anybody interested in business messaging on the list I would
appreciate any pointers to handy and/or fancy features, tips & tricks
etc. with respect to monitoring and analysis of network data in the
enterprise environment. 
Thanks.
Martin