[unisog] Remote sniffers- what do you use?
david_laporte at harvard.edu
Wed Mar 8 23:33:52 GMT 2006
I second the RSPAN solution. We've been using it for several years and
it's been a great troubleshooting tool. If trunking VLANs all over your
core is a problem, you might want to look at ERSPAN. The hardware reqs
are hefty (sup720, I believe), but it accomplishes effectively the same
thing using GRE tunnels and without the risk of spanning tree loops
(bugID CSCsa51770 for more info).
John H. Sawyer wrote:
> Hi Sunia,
> If you are interested in going the cheaper, open source route, it can be
> as easy as deploying a number of Linux/BSD boxes with tcpdump on them.
> You could also use Snort for a little more power. Additionally, if you
> want a web interface with traffic analysis, check out ntop.
> Also, if you have a Cisco infrastructure, take a look at RSPAN that lets
> you configure SPAN ports across multiple switches so you can deploy fewer
> sniffing hosts.
David LaPorte, CISSP, CCNP
Security Manager, Network and Server Systems
Harvard University Information Systems
Email: david_laporte at harvard.edu