[46426] in North American Network Operators' Group
Re: Let's talk about Distance Sniffing/Remote Visibility
daemon@ATHENA.MIT.EDU (E.B. Dreger)
Thu Mar 28 10:02:35 2002
Date: Thu, 28 Mar 2002 15:02:01 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: CARL.P.HIRSCH@sargentlundy.com
Cc: nanog@merit.edu
In-Reply-To: <OFF4AC5973.6F02CDCE-ON86256B8A.004ECB9A@sargentlundy.com>
Message-ID: <Pine.LNX.4.20.0203281440070.2489-100000@www.everquick.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
> Date: Thu, 28 Mar 2002 08:27:02 -0600
> From: CARL.P.HIRSCH@sargentlundy.com
> I'd like to hear from the list as to what your preferred means
> of determining what the hell is going on at a packet level at
> the other side of a WAN/MAN/frame/etc link.
>
> It seems to me that the means available are A) a very expensive
> distributed NAI Sniffer installation B) standard RMON probes
> and the NMS of your choice and C) A linux box with a ton of
> interfaces running Ethereal accessed via Xwindows/VNC/whatever.
[ snip ]
"C" is close. Not sure what you mean by "a ton of interfaces".
Most (all?) good managed switches have a "monitor port" or
"mirror port" where they can blind copy traffic from other ports
to the one that's set aside for snooping.
Four-port ethernet cards are readily available. How many
switches do you wish to monitor simultaneously? Even with only
four ports (more in one box is certainly possible), you can have
a fair amount of traffic to digest.
--
Eddy
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
--
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots. Do NOT
send mail to <blacklist@brics.com>, or you are likely to be blocked.
