[Labrea-users] TR: Quastion about maximum subnet size for LaBrea
Status: Abandoned
Brought to you by:
lorgor
Menu
▾
▴
[Labrea-users] TR: Quastion about maximum subnet size for LaBrea
|
From: Gordon, L. <Lor...@te...> - 2004-02-26 19:09:50
|
Interesting question, so am posting on list. lorgor -----Message d'origine----- De : Gordon, Loren=20 Envoy=E9 : 26 mai, 2003 10:57 =C0 : 'Dan G' Objet : RE: Quastion about maximum subnet size for LaBrea Tom Liston is the guru, I'm just a guy hanging around ... You're right about the memory use. Labrea allocates tables for the = capture subnet. And this is pgm memory so that increasing the RAM on the = machine doesn't help of course. There could be a solution if a better data structure was used - maybe a = hash table or something of the sort. However, normally we envison Labrea to = be used on a switch where the maximum number of connected hosts would be something in the order of 2K - 3K. In this kind of environment, a = straight array approach is marginally faster, and a lot easier to implement. In fact, in the new beta version, I reworked one chained list to become = an array which aggravates your problem. I'm really busy right now (having trouble getting the beta out the = door) so if you need this function, you'll have to think about doing your own modification. Would be open to interact so that the mod could be = integrated into the code base and make its way to a future version. One other thing. Should be aware that current version of labrea has = some buffer overflows (which I hope are corrected in the new beta version). Thanks for writing, loren -----Message d'origine----- De : Dan G Envoy=E9 : 23 mai, 2003 18:30 =C0 : lo...@us... Objet : Quastion about maximum subnet size for LaBrea LaBrea Guru.. First of all, I wanted to say LaBrea is a work of art. I've used it at = home Since Oct '01 and have started looking for feasible uses in large-scale networks. I've been testing LaBrea in scenarios where it would capture any = traffic attempting to leave a closed network (like most corporate LANs), but = have run into problems with the maximum subnet size that it can handle. In = this scenario, it would be optimal for LaBrea to capture 0/0. In my = experience, it cannot handle a subnet mask smaller than 5 bits. If I try to assign = a shorter netmask, it says it is unable to allocate memory and exits. = I'm assuming that the larger the subnet, the larger the memory requirement = for LaBrea is, since it can consume ~70M when running with a /5 netmask. However, running this on machines with more RAM doesn't help. Can = LaBrea capture 0/0? Is there a way to work around the memory issue? I = understand that there is a support forum, but I figure there currently aren't many members and I would prefer to not 'announce' any research I'm doing.. If you can offer any insight it would be greatly appeciated.. Dan=20 There are 10 types of people in this world. Those who understand binary, and those who don't. |
