In article , ips20 wrote:
:We need to capture all the traffic of a dedicated segment for a long period,
:say more than 24 hours. Any freeware or commercial products can do it.
How much data are you anticipating? What is the maximum filesize of the operating system you intend to use? Do you have enough disk space for the capture?
Do you need anything special about the output files? For example, is "flat file" acceptable, or does it have to put the packets into a database so that you can do SQL queries against the packets? Even if you are using flat-file, do you need something like automatic building of indices so that you can easily start processing the raw data from (say) any given 10 minute boundary?
It would be fairly easy to take tcpdump or ethereal and modify it so that it kept track of how much data had been written and started a new file every 2 Gb. Having them do one file per hour (say) would be a bit more tricky because packets are not always delivered to the unix 'snoop' interface in precise chronological sequence, so if one were to start a new file the first time one saw a packet belonging to the new hour, then one would risk saving a small number of packets from the previous hour in the new file as well.
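The following is an added illustration of the two rotation schemes discussed in the reply above (rotate on bytes written, and rotate on the hour); it is not code from the post, from tcpdump or from ethereal. It writes plain libpcap-format files by hand so it runs without any capture library, and it handles the out-of-order delivery problem the reply raises: a packet is filed by the hour in its own timestamp, the previous hour's file is kept open for a short grace period after the new hour begins, and a packet that arrives later than that still goes into a file for its own hour rather than being misfiled. The packet stream, the file naming scheme, the 1024-byte size limit and the 5-second grace period are all constructed assumptions for the demonstration.

```python
import os
import shutil
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4                 # classic libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len


def pcap_global_header(snaplen=65535, linktype=LINKTYPE_ETHERNET):
    return GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(ts_sec, ts_usec, data):
    return RECORD_HDR.pack(ts_sec, ts_usec, len(data), len(data)) + data


class RotatingPcapWriter:
    """Rotate on size and on the hour of each packet's own timestamp.

    A file per hour is chosen by the packet timestamp, not by arrival order,
    so a late packet from the previous hour still lands in that hour's file.
    An hour's file is closed once the newest timestamp seen is past the end of
    that hour plus a grace period; a size limit starts a new sequence number.
    """

    def __init__(self, directory, max_bytes, grace_seconds=5):
        self.directory = directory
        self.max_bytes = max_bytes
        self.grace = grace_seconds
        self.open_files = {}   # hour_start -> [file handle, bytes written]
        self.next_seq = {}     # hour_start -> next sequence number for that hour
        self.latest_ts = 0     # newest packet timestamp seen so far
        self.paths = []        # every file created, in creation order

    def _open(self, hour_start):
        seq = self.next_seq.get(hour_start, 0)
        self.next_seq[hour_start] = seq + 1
        # Hypothetical naming scheme: capture-<hour start epoch>-<seq>.pcap
        path = os.path.join(self.directory, "capture-%d-%03d.pcap" % (hour_start, seq))
        fh = open(path, "wb")
        fh.write(pcap_global_header())
        self.paths.append(path)
        self.open_files[hour_start] = [fh, GLOBAL_HDR.size]
        return self.open_files[hour_start]

    def _close(self, hour_start):
        self.open_files.pop(hour_start)[0].close()

    def write(self, ts_sec, ts_usec, data):
        hour_start = ts_sec - ts_sec % 3600
        self.latest_ts = max(self.latest_ts, ts_sec)
        entry = self.open_files.get(hour_start) or self._open(hour_start)
        rec = pcap_record(ts_sec, ts_usec, data)
        entry[0].write(rec)
        entry[1] += len(rec)
        if entry[1] >= self.max_bytes:          # size rotation
            self._close(hour_start)
        for h in list(self.open_files):         # hour rotation, after the grace period
            if h + 3600 + self.grace <= self.latest_ts:
                self._close(h)

    def close(self):
        for h in list(self.open_files):
            self._close(h)
        return list(self.paths)


def read_timestamps(path):
    """Parse a pcap file written above and return its record timestamps (seconds)."""
    with open(path, "rb") as fh:
        if GLOBAL_HDR.unpack(fh.read(GLOBAL_HDR.size))[0] != PCAP_MAGIC:
            raise ValueError("not a pcap file: %s" % path)
        out = []
        while True:
            hdr = fh.read(RECORD_HDR.size)
            if len(hdr) < RECORD_HDR.size:
                return out
            ts_sec, _, incl_len, _ = RECORD_HDR.unpack(hdr)
            fh.read(incl_len)
            out.append(ts_sec)


def demo():
    """Constructed stream around the hour boundary at t=3600 (not real traffic)."""
    hour = 3600
    stream = [
        (hour - 10, 0, b"\x00" * 60),
        (hour - 3, 0, b"\x00" * 60),
        (hour + 1, 0, b"\x00" * 60),        # first packet of the new hour
        (hour - 1, 500000, b"\x00" * 60),   # late packet from the old hour, within grace
        (hour + 2, 0, b"\x00" * 60),
        (hour + 3, 0, b"\x00" * 1200),      # pushes the new-hour file past max_bytes
        (hour + 4, 0, b"\x00" * 60),        # goes to the next sequence number
        (hour + 10, 0, b"\x00" * 60),       # past grace: old hour's file is closed
        (hour - 2, 0, b"\x00" * 60),        # very late: new file for the old hour, not misfiled
    ]
    tmp = tempfile.mkdtemp()
    try:
        w = RotatingPcapWriter(tmp, max_bytes=1024, grace_seconds=5)
        for ts, us, pkt in stream:
            w.write(ts, us, pkt)
        return {os.path.basename(p): read_timestamps(p) for p in w.close()}
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    for name, stamps in sorted(demo().items()):
        print(name, stamps)
```

Filing by packet timestamp rather than by arrival order is the whole point: with the stream above, the packet stamped one second before the hour arrives after the first packet of the new hour and still ends up in the file for its own hour, and the one that arrives after the grace period gets a fresh file for its hour instead of polluting the new hour's file. The size limit and grace period would need to be tuned to the real link's packet rate and reordering depth.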