[105463] in North American Network Operators' Group


Re: Techniques for passive traffic capturing

daemon@ATHENA.MIT.EDU (Justin Shore)
Tue Jun 24 10:42:59 2008

Date: Tue, 24 Jun 2008 09:42:33 -0500
From: Justin Shore <justin@justinshore.com>
To: Ross Vandegrift <ross@kallisti.us>
In-Reply-To: <20080623203216.GC18464@kallisti.us>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

I stumbled across these last night.

http://www.dovebid.com/assets/display.asp?ItemID=cne11811

I don't know anything about them and haven't done any research.  The 
auction description would however lead me to believe that they might be 
useful in this case.  There are many of them listed in the main auction 
catalog.

Justin

Ross Vandegrift wrote:
> Hello everyone,
> 
> Over the past two years, there's been a trend toward doing more and
> more analysis and reporting based on passive traffic analysis.
> 
> We started out using SPAN sessions to produce an extra copy of all of
> our transit links for these purposes.  But the Cisco limit of two
> SPAN sessions per device (on our platforms) is a major limitation.
> 
> Does anyone have a better solution for more flexible data collection?
> 
> I've been thinking about a move to a system based on optical taps of
> each of the links.  I'd aggregate these links into something like a
> 3750 and use remote-span VLANs to pass the traffic onto servers that
> are sniffing on their interface on that 3750.  Do products like the
> NetOptics Matrix Switches offer a substantial advantage?
> 
> Comments or suggestions?
> 
> 

