Packetbeat requirements using a SPAN interface

(Ada Pozo) #1


What are the traffic requirements
of packetbeat in order to capture HTTP transactions from a third
computer using the SPAN interface of a router? Is it mandatory to be the
sender or receiver of the HTTP traffic? If so, is there any way to
override these constraints?

Also, is there any detailed benchmark available about packetbeat performance?


(Carlos Vega Moreno) #2

I would also like to have a detailed test of packetbeat. Other tools like logstash mention some benchmarks but packetbeat documentation just says different results for different capture systems such as pcap, pf_ring and af_packet. They say pf_ring is able to sniff Gigabits per second but there is nothing about packetbeat performance. :confused:

(system) #3