On Wed, 2005-11-30 at 21:21 +0100, Ron Arts wrote:
> What we do, is configure a mirroring port on the network switch.
> Such a port exactly mirrors the port that is connected to the asterisk box.
> If you have enough CPU power on the listening box, you won't miss
> a single packet.

And therein lies the problem. The packet filter that is capturing may drop because of CPU load or whatnot. On the real box, packets that are dropped that way aren't processed, so it makes a slight difference in terms of the data. A single packet probably won't matter too much, but if you drop every 3rd or so then you will have severe problems. Just makes the cost of the machine potentially higher.

Another problem is potentially malformed packets. The recording system should record raw, rather than trying to parse data out, for that reason. It's not that uncommon to see programs like ethereal, tcpdump, snort, etc. all have specific vulnerabilities where you can segfault the sniffer with a malformed packet (a packet that may not have any effect on the asterisk box, btw).

-- 
Trixter http://www.0xdecafbad.com
Bret McDanel
UK +44 870 340 4605 Germany +49 801 777 555 3402
US +1 360 207 0479 or +1 516 687 5200
FreeWorldDialup: 635378
http://www.sacaug.org/ Sacramento Asterisk Users Group
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

Asterisk-Biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
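
An added example, not part of the original message: a minimal Linux recorder that stores each frame as opaque bytes in a pcap file, with no dissection, and polls the kernel drop counter for the capture socket, which covers the two concerns raised in the reply. The function names, interface name and output path are assumptions; the capture loop needs root and a Linux `AF_PACKET` socket.

```python
import socket
import struct
import sys
import time

ETH_P_ALL = 0x0003         # every protocol
SOL_PACKET = 263           # Linux values from <linux/socket.h>, <linux/if_packet.h>
PACKET_STATISTICS = 6
SNAPLEN = 65535

def pcap_global_header(snaplen=SNAPLEN, linktype=1):
    # magic, version 2.4, thiszone, sigfigs, snaplen, LINKTYPE_ETHERNET
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)

def pcap_record(frame, ts):
    # The frame is written exactly as received: no field of it is decoded,
    # so a malformed packet cannot reach any parsing code in the recorder.
    sec = int(ts)
    usec = int((ts - sec) * 1_000_000)
    data = frame[:SNAPLEN]
    return struct.pack("<IIII", sec, usec, len(data), len(frame)) + data

def parse_stats(raw):
    # struct tpacket_stats { unsigned int tp_packets; unsigned int tp_drops; }
    return struct.unpack("II", raw[:8])

def capture(iface, path, report_every=1000):
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    s.bind((iface, 0))
    total_drops = 0
    with open(path, "wb") as out:
        out.write(pcap_global_header())
        count = 0
        while True:
            out.write(pcap_record(s.recv(SNAPLEN), time.time()))
            count += 1
            if count % report_every == 0:
                # Reading the statistics resets the kernel counters.
                stats = s.getsockopt(SOL_PACKET, PACKET_STATISTICS, 8)
                _, drops = parse_stats(stats)
                total_drops += drops
                if drops:
                    print(f"kernel dropped {drops} frames "
                          f"({total_drops} total)", file=sys.stderr)

if __name__ == "__main__":
    # Assumed defaults: interface "eth0" (the mirror port), file "mirror.pcap".
    args = sys.argv[1:] + ["eth0", "mirror.pcap"][len(sys.argv) - 1:]
    capture(args[0], args[1])
```

Any dissection of the resulting file can then be done offline, on a separate machine, so a crash in the analysis tool does not interrupt recording.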
