[unisog] Breaking out single connection to many for monitoring

John Kristoff jtk at depaul.edu
Fri Sep 5 19:21:47 GMT 2003


On Thu, 04 Sep 2003 11:11:08 -0600
David Jager <jager at ucalgary.ca> wrote:

> We're just wondering how others accomplish the task of breaking out a
> single network connection, such as an institution's Internet
> connection, to multiple connections for the purpose of attaching
> various monitoring devices such as sniffers, argus boxes, ids boxes,

> etc. We currently use a NetOptics passive fiber tap in our uplink,

We did some testing with Cisco Catalyst 3500 series switch awhile back
and found that if we took a tapped link and put it on the switch, then
put a static ARP on the ports we wanted to the traffic to be flooded to,
it would send all that traffic to those ports.  This effectively turned
a small switch into a multiport splitter/tap, which I think is what
you're looking to do.  This of course assumes the tapped port is
compatible with the available ports on the switch.

John



More information about the unisog mailing list