[PLUG] help with switches
Paul Heinlein
heinlein at madboa.com
Mon Feb 5 22:43:51 UTC 2007
On Mon, 5 Feb 2007, Carla Schroder wrote:
> I'm having a hard time finding an answer to what seems to be a
> simple question- what Ethernet switches include monitor ports for
> sniffing all network traffic? I assume that unmanaged switches don't
> have this, though it would be nice to be wrong because they're
> inexpensive. I've been looking at all kinds of managed and 'smart'
> switches, and I'm not seeing anything in their specs that sounds
> like what I'm looking for. Is there some magic buzzword I should be
> looking for? got any specific models to recommend?
In Cisco land, the magic buzzword is "span port" (SPAN == Switch Port
ANalyzer; note that traffic passed to a span port has gone through IOS
error checking, so it's not a "raw" stream of packets). 3com switches
use "Monitor ports."
Other folks like Network Critical (www.criticaltap.com) market "TAP"
products that sit in front of or behind a router. They essentially
duplicate the live stream, one branch heads to the router, the other
to the Intrusion Detection System (or the Bush Administration, if
you're AT&T).
--
Paul Heinlein <> heinlein at madboa.com <> www.madboa.com
More information about the PLUG
mailing list