When it comes to processing performance, buffering or storage capacity, a Laptop is a very cost effective solution. Limitations are mainly caused by its integrated network card. For a 1G NIC, monitoring a 2Gbps in-line gigabit is already a problem, by deciding for a full duplex TAP or an aggregation TAP, you are choosing between visibility and packet losses. Of course, you may add second USB NIC, but in such case the Rx and Tx would be in two separated files, with a probable time difference. This can be very painful, for example, for TCP analysis.

With up to 1.5 Million packets per second, 1Gbps capture is a real challenge for the processor. The NIC driver has to parse the stream in single packets, then the capture driver timestamps each frame and finally the protocol analyzer generates the capture headers and decodes the frames. In this scenario, the CPU is quickly overloaded resulting in packet losses. This loss often occurs at the NIC driver or at the Protocol analyzer. The latter may show a drop counter, while the NIC driver not always count nor report the losses. Packets can simply disappear from your stream without you knowing it.

Specialized hardware is the key.

Dedicated Capture NICs offer solutions to optimize capture performances, reducing the CPU utilization. Aside the performance aspect, they are able to capture any Vlan, encapsulation, non-standard small or jumbo frames. Until now, there was no dedicated capture NIC for Laptop. Hence, for field network troubleshooting, a “laptop only” may not compete with a dedicated handheld troubleshooter or a lunch box PC analyzer.

A new technique from a new player in data capture from your PC!

Comcraft has released its new ProfiShark 1G. The hardware has two 10/100/1000 ports in failure-safe in-line arrangement, and a USB 3.0 for packet capture to a PC. The software bundle includes Windows and Linux drivers and the control software. Full APIs are available for OEM integration. In association with a Laptop computer, the product addresses field engineers for fast troubleshooting network issues. It is designed to overcome the Laptops’ weakness when it comes to in-line monitoring Gigabit networks.

Performance without compromises.

The ProfiShark 1G hardware aggregates the two Gigabit Ethernet streams into a higher bandwidth without any bottleneck. Furthermore, the device is USB powered and proposes extensive features and capturing methods. The ProfiShark 1G includes a high performance direct capture mode. In this configurable mode, the ERF, PCAP or PCAP-NG capture file is hardware generated and streamed to the PC storage, in a single, multiple or ring buffer files. The capture file timestamp comes from an 8 ns resolution hardware clock. The time is applied to each frame before the aggregation or any buffering, exposing the real packet timings. The timestamp can also be appended in normal capture mode. In this mode the packets pass through the standard network stacks to be captured by Wireshark or any other protocol analyzer. The ProfiShark 1G is also capable of slicing packets. It captures CRC errors, any tags or encapsulation and any frame from 10B to 10 KB, in both capture modes.