Submission + - Solved: Lossless Gigabit Packet Capture with Linux (

Corey Satten writes: "If you thought linux was inept at capturing packets because Tcpdump and WireShark drop lots of packets, think again! New software, named Gulp, can capture a gigabit/sec on ordinary/modest PC hardware running stock linux and write it all to disk dropping NO packets. The tricks, writeup, source code, manpage, limitations (and suggested enhancements to linux) are all available at

As an added bonus, Gulp can capture and decapsulate Cisco's "Encapsulated Remote SPAN ports" allowing (authorized) mirroring and capturing of packets from "anywhere" on a campus network (anywhere the router can be configured to send them)."

