|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: routing sniffed traffic
On Thu, Oct 07, 2004 at 09:43:47PM +0100, Stephen J. Wilcox wrote: [switching/routing traffic from a passive tap] > Hi Peter, > if you are feeding this into a switch you should be able to switch it > just like the real traffic.. ie plug your fibers into gbics on > whatever switch you want to use, i dont see any special requirements for > this application I have no practical experience on that, I always used the monitor directly on the Tap, but I see a theoretical problem: Where does the switch switch it to? The Target MAC of the packet coming from the Tap will be still pointing to the device in the production network. The switch in the management network will not know where to switch it to, as there is no device with the same mac in his ARP table. If you want to route it you will run into the same problem: The copied ethernet frame is not addresses to the router in the monitoring network, so it will not accept the Ethernet frame. Maybe you could do something with faking the MAC on the router in the monitoring network to be the same as the MACaddress of the target in the production network, but it feels like a dirty hack. Or am I missnig something obvious here? Nils
|