Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Let's talk about Distance Sniffing/Remote Visibility

  • From: E.B. Dreger
  • Date: Thu Mar 28 10:04:11 2002

> Date: Thu, 28 Mar 2002 08:27:02 -0600
> From:

> I'd like to hear from the list as to what your preferred means
> of determining what the hell is going on at a packet level at
> the other side of a WAN/MAN/frame/etc link.
> It seems to me that the means available are A) a very expensive
> distributed NAI Sniffer installation B) standard RMON probes
> and the NMS of your choice and C) A linux box with a ton of
> interfaces running Ethereal accessed via Xwindows/VNC/whatever.

[ snip ]

"C" is close.  Not sure what you mean by "a ton of interfaces".
Most (all?) good managed switches have a "monitor port" or
"mirror port" where they can blind copy traffic from other ports
to the one that's set aside for snooping.

Four-port ethernet cards are readily available.  How many
switches do you wish to monitor simultaneously?  Even with only
four ports (more in one box is certainly possible), you can have
a fair amount of traffic to digest.


Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <>
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.  Do NOT
send mail to <>, or you are likely to be blocked.

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.