Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Let's talk about Distance Sniffing/Remote Visibility

  • From: CARL.P.HIRSCH
  • Date: Thu Mar 28 10:45:26 2002


Yeah, the device I've got in my head is a 1U server with 4 (or more?)
interfaces... not so much to simultaneously pull 400Mbps of bandwidth for
analysis but rather to just have a interface going to each switch I might
want to monitor and then span traffic to the Ethereal box. Given that I'm
trying to attain remote visibility, it might be nice not to need remote
hands to be swapping patch cords back and forth.

I'm imagining that even with a relatively speedy box, if you were trying to
do analysis from multiple interfaces you'd at least choke the disk I/O.
There's always stringent filters, I guess.

thanks for the input,
-carl



                                                                                                                    
                    "E.B. Dreger"                                                                                   
                    <eddy+public+spam@noc.ever        To:     CARL.P.HIRSCH@sargentlundy.com                        
                    quick.net>                        cc:     nanog@merit.edu                                       
                    Sent by:                          Subject:     Re: Let's talk about Distance Sniffing/Remote    
                    owner-nanog@merit.edu             Visibility                                                    
                                                                                                                    
                                                                                                                    
                    03/28/02 09:02 AM                                                                               
                                                                                                                    
                                                                                                                    



"C" is close.  Not sure what you mean by "a ton of interfaces".
Most (all?) good managed switches have a "monitor port" or
"mirror port" where they can blind copy traffic from other ports
to the one that's set aside for snooping.

Four-port ethernet cards are readily available.  How many
switches do you wish to monitor simultaneously?  Even with only
four ports (more in one box is certainly possible), you can have
a fair amount of traffic to digest.


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

--
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.  Do NOT
send mail to <blacklist@brics.com>, or you are likely to be blocked.









Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.