[c-nsp] multicast issue

Chris Marget chris at marget.com
Wed Jul 17 12:28:40 EDT 2013

> If I get your description you have the tap (which vendor? ) at source and
> destination (I guess in span mode?),  these taps send data to niksun
> appliance (which model?) that create the pcap and then you can analyse for
> example with wireshark these files,  am I correct?

The taps were NetOptics iTaps, but didn't need to be. The important
part of the tap was the optical splitter, which is usually around US
$300 for a duplex unit.

Span mode? Nope. Just an optical splitter at the carrier handoff.

The Niksun was a NetVCR appliance of some sort. I just used it for
capture, not analysis. I'd probably have been happier with a Linux
system and a hardware capture card (endace, napatech, etc...), but
this environment tended to prefer gold-plated appliances rather than
homegrown solutions.

The whole system was put together in order to demonstrate whether my
gear (enterprise routers/switches/firewalls) were delivering data from
the transit provider's handoff down to the servers. By storing every
packet that crossed the various handoffs (into my equipment at one
end, and out of it at the other end), I could prove to the pricing
feed people whether I was responsible for any problems they were

Wireshark was one of the analysis tools I used, but it was not
particularly helpful for the protocols I was transporting. The links I
shared previously detailed some of the analysis techniques.


