Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Let's talk about Distance Sniffing/Remote Visibility

  • From: Travis Dawson
  • Date: Thu Mar 28 15:58:20 2002

At 06:27 AM 3/28/2002, CARL.P.HIRSCH@sargentlundy.com wrote:
It seems to me that the means available are A) a very expensive distributed
NAI Sniffer installation B) standard RMON probes and the NMS of your choice
and C) A linux box with a ton of interfaces running Ethereal accessed via
Xwindows/VNC/whatever.

Ran into this and went with C but couldn't fit as many NIC's in the newly christened sniffer box that I wanted.
My solution was to take an Cisco Cat 2900 (and a Foundry Workgroup switch later) and I worked up a series of rancid scripts (since changed to SNMP Set commands in a perl script) that would enable and disable ports along with setting the port mirroring. This gave me 22 ports to play with, each into a different switch so that I could directly monitor almost every FE port in the Co-lo. Its a little 'hacky' but it works surprisingly well (after a bit of up-front work). I haven't attempted to monitor a GigE port yet but Im sure that a Cisco Cat 3508 would be able to do the job as well.

Hope this helps someone.

-tdawson
-Network Geek (Bit Pusher)
-BlueMartini Software




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.