[unisog] Breaking out single connection to many for monitoring

John Kristoff jtk at depaul.edu
Fri Sep 5 19:21:47 GMT 2003

On Thu, 04 Sep 2003 11:11:08 -0600
David Jager <jager at ucalgary.ca> wrote:

> We're just wondering how others accomplish the task of breaking out a
> single network connection, such as an institution's Internet
> connection, to multiple connections for the purpose of attaching
> various monitoring devices such as sniffers, argus boxes, ids boxes,
> etc. We currently use a NetOptics passive fiber tap in our uplink,

We did some testing with a Cisco Catalyst 3500 series switch a while back
and found that if we took a tapped link and put it on the switch, then
put a static ARP on the ports we wanted the traffic to be flooded to,
it would send all that traffic to those ports.  This effectively turned
a small switch into a multiport splitter/tap, which I think is what
you're looking to do.  This of course assumes the tapped port is
compatible with the available ports on the switch.


