Re: Madness
Not really madness. When engineers like myself talk about sniffing traffic, we are more interested in the performance of the underlying network.
The probes in question are really more for Service Assurance as opposed to intercept - probe vendor examples are Accedian, JDSU, Spirent etc. We are talking different things.
Intercept is typically done at CLI level i.e. lawful-intercept command, built into most Internetworking OS systems.
One Vendor example of this is below:
http://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/ht_ssi.html
Other Vendors are of course available (Juniper, Alu, Huawei et al), but all must enable the same thing in the OS with no exception.
The challenge we face on the Service Assurance front with MSTCP is correlating the streams to understand how the underlying network is performing. The probe vendors will eventually suss this out via standards and the security guys will also need to do the same.
Those of us in the OSS space ingest all of this probe data and conduct analytics on it to correlate network events. The ISP or CP can then act accordingly; network config, billing rec, SLA management (i.e. am I claiming or paying credits) etc.
Challenges in networking always exist; this is just another one, aimed at the probe vendors, the security guys and the network guys.
Network Guy