North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Let's talk about Distance Sniffing/Remote Visibility

  • From: Pete Kruckenberg
  • Date: Thu Mar 28 10:14:44 2002

On Thu, 28 Mar 2002 [email protected] wrote:
> It seems to me that the means available are A) a very
> expensive distributed NAI Sniffer installation B)
> standard RMON probes and the NMS of your choice and C) A
> linux box with a ton of interfaces running Ethereal
> accessed via Xwindows/VNC/whatever.

I am starting to deploy GigE as a WAN technology. One nice
benefit is that the equipment (Cisco 6500/7600 class) has
capabilities not usually found in routers (such as remote
port mirroring). Coupled with VLAN ACL's, this can be quite
useful for ad-hoc remote diagnostics.

One particularly interesting adaptation is sFlow (RFC 3176),
currently only implemented by Foundry (I don't know of any
other vendors planning to implement sFlow). sFlow is usually
pitched against Netflow, I see it more as a diagnostic tool.
It works quite like port mirroring, but also allows sampling
and only sends header information to the collection server.