Just saw a program on the Discovery Channel [1] about black boxes on airplanes. Cool stuff, even if the re-enactments were a bit gut renching.
But I started thinking about what it would take to construct a black box for a network. With large fast drives it might be possible to record packets for a network and store them for a period of time. The airline black boxes only record the previous two hours worth of material, continuously overwriting the older material.
The largest ethernet frame is 1514 bytes, so let's round that up to 2K to make it easy to record to disk. Twenty gig drives are pretty common now and fairly cheap. Well, doing the math shows that we can record 10.5 million packets to a 20G drive (using 2K per packet).
So I checked some stats at Atlantic Internet, [2] my current ISP. I checked the primary ethernet network interface and it's currently averaging 6400 packets a second.
The math shows I can store about 27 minutes worth of traffic per 20 gigs.
That's pretty sobering. Ouch.