What are the traffic requirements
of packetbeat in order to capture HTTP transactions from a third
computer using the SPAN interface of a router? Is it mandatory to be the
sender or receiver of the HTTP traffic? If so, is there any way to
override these constraints?
Also, is there any detailed benchmark available about packetbeat performance?