North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Let's talk about Distance Sniffing/Remote Visibility
> Date: Thu, 28 Mar 2002 08:27:02 -0600 > From: [email protected] > I'd like to hear from the list as to what your preferred means > of determining what the hell is going on at a packet level at > the other side of a WAN/MAN/frame/etc link. > > It seems to me that the means available are A) a very expensive > distributed NAI Sniffer installation B) standard RMON probes > and the NMS of your choice and C) A linux box with a ton of > interfaces running Ethereal accessed via Xwindows/VNC/whatever. [ snip ] "C" is close. Not sure what you mean by "a ton of interfaces". Most (all?) good managed switches have a "monitor port" or "mirror port" where they can blind copy traffic from other ports to the one that's set aside for snooping. Four-port ethernet cards are readily available. How many switches do you wish to monitor simultaneously? Even with only four ports (more in one box is certainly possible), you can have a fair amount of traffic to digest. -- Eddy Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence -- Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <[email protected]> To: [email protected] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <[email protected]>, or you are likely to be blocked.