Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

A 10GE monitoring system

network, sniffer
Arien Vijn
Chaos Communication Congress 23th (23C3) 2006
Indexed on
Mar 27, 2013
File name
File size
274.7 KB

Capturing network packets is a valuable technique for troubleshooting network problems. Capturing at network speeds less, or up to one gigabit per second is feasible with a fast general purpose computer hardware. But that hardware is to slow for Ten gigabit per second ethernet (10GE). Hence, special hardware is required. This topic describes the modification of a commercially available 10GE networks security system, into a network analyser. Who can you trust? - Nobody, when it come to trouble-shooting network issues at an internet exchange point. An Internet Exchange (IX) operates by definition in-between different network providers. These providers are often competitors, each with their cultural and technical differences. Troubleshooting network issues at an IX involves at least three parties. Namely, the internet exchange operator and two or more ISPs. Each with its own systems, knowhow, procedures and culture. Such an environment is very different from networks were operators have control over the network components. Therefore an internet exchange operator must be able to identify and isolate network problems, without relying too much on the other parties involved, while the exchange stays in full operation. For this, the technique of passive monitoring - watching the traffic as it passes by - has proven to be extremely valuable. Passive monitoring for speeds less than 1 Gbps is possible with a fast general purpose computer and generic NICs. Numerous open source applications have been made for this. Ten gigabit per second ethernet (10GE) is another game. Special hardware is required to achieve that. The Amsterdam Internet Exchange (AMS-IX) modified Force10's P10 system to monitor 10GE connections. This system was originally designed for security applications at 10GE wire speeds. But since it is build around programmable logic, it is possible to adapt it to a useful trouble-shooting tool.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.


Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.


To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !