[unisog] Remote sniffers- what do you use?

David LaPorte david_laporte at harvard.edu
Wed Mar 8 23:33:52 GMT 2006


I second the RSPAN solution.  We've been using it for several years and
it's been a great troubleshooting tool.  If trunking VLANs all over your
core is a problem, you might want to look at ERSPAN.  The hardware reqs
are hefty (sup720, I believe), but it accomplishes effectively the same
thing using GRE tunnels and without the risk of spanning tree loops
(bugID CSCsa51770 for more info).

David

John H. Sawyer wrote:
> Hi Sunia,
> 
> If you are interested in going the cheaper, open source route, it can be
> as easy as deploying a number of Linux/BSD boxes with tcpdump on them.
> You could also use Snort for a little more power. Additionally, if you
> want a web interface with traffic analysis, check out ntop.
> http://www.ntop.org/overview.html
> 
> Also, if you have a Cisco infrastructure, take a look at RSPAN that lets
> you configure SPAN ports across multiple switches so you can deploy fewer
> sniffing hosts.
> http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550scg/swspan.htm
> 
> -jhs

-- 
David LaPorte, CISSP, CCNP
Security Manager, Network and Server Systems
Harvard University Information Systems
-----------------------------------------------
Email: david_laporte at harvard.edu
  PGP: 0x4DC3E508
       4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508


