North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Let's talk about Distance Sniffing/Remote Visibility
- From: Travis Dawson
- Date: Thu Mar 28 15:58:20 2002
At 06:27 AM 3/28/2002, CARL.P.HIRSCH@sargentlundy.com wrote:
It seems to me that the means available are A) a very expensive distributed
NAI Sniffer installation B) standard RMON probes and the NMS of your choice
and C) A linux box with a ton of interfaces running Ethereal accessed via
Ran into this and went with C but couldn't fit as many NIC's in
the newly christened sniffer box that I wanted.
My solution was to take an Cisco Cat 2900 (and a Foundry Workgroup switch
later) and I worked up a series of rancid scripts (since changed to SNMP
Set commands in a perl script) that would enable and disable ports along
with setting the port mirroring. This gave me 22 ports to play with, each
into a different switch so that I could directly monitor almost every FE
port in the Co-lo. Its a little 'hacky' but it works surprisingly well
(after a bit of up-front work). I haven't attempted to monitor a GigE port
yet but Im sure that a Cisco Cat 3508 would be able to do the job as well.
Hope this helps someone.
-Network Geek (Bit Pusher)