[unisog] Remote sniffers- what do you use?

David LaPorte david_laporte at harvard.edu
Wed Mar 8 23:33:52 GMT 2006

I second the RSPAN solution.  We've been using it for several years and
it's been a great troubleshooting tool.  If trunking VLANs all over your
core is a problem, you might want to look at ERSPAN.  The hardware reqs
are hefty (sup720, I believe), but it accomplishes effectively the same
thing using GRE tunnels and without the risk of spanning tree loops
(bugID CSCsa51770 for more info).


John H. Sawyer wrote:
> Hi Sunia,
> If you are interested in going the cheaper, open source route, it can be
> as easy as deploying a number of Linux/BSD boxes with tcpdump on them.
> You could also use Snort for a little more power. Additionally, if you
> want a web interface with traffic analysis, check out ntop.
> http://www.ntop.org/overview.html
> Also, if you have a Cisco infrastructure, take a look at RSPAN that lets
> you configure SPAN ports across multiple switches so you can deploy fewer
> sniffing hosts.
> http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550scg/swspan.htm
> -jhs

David LaPorte, CISSP, CCNP
Security Manager, Network and Server Systems
Harvard University Information Systems
Email: david_laporte at harvard.edu
  PGP: 0x4DC3E508
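
On a Linux/BSD capture box receiving ERSPAN, each mirrored frame arrives wrapped in GRE, so it has to be decapsulated before analysis. The following decoder is an added example, not part of the original posts; it assumes the commonly documented ERSPAN Type II layout (GRE protocol type 0x88BE with a sequence number, then an 8-byte ERSPAN header), and the function name and sample packet are constructed for illustration.

```python
import struct

GRE_PROTO_ERSPAN = 0x88BE  # GRE protocol type carried by ERSPAN Type II

def parse_erspan2(gre: bytes) -> dict:
    """Decode GRE + ERSPAN Type II; `gre` starts right after the outer IP header."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", gre[:4])
    if flags & 0x0007 or proto != GRE_PROTO_ERSPAN:
        raise ValueError("not GRE version 0 carrying ERSPAN")
    if not flags & 0x1000:
        raise ValueError("no GRE sequence number, so not ERSPAN Type II")
    off = 4
    off += 4 if flags & 0x8000 else 0  # optional checksum + reserved
    off += 4 if flags & 0x2000 else 0  # optional key
    if len(gre) < off + 12 + 14:
        raise ValueError("truncated ERSPAN header or inner Ethernet frame")
    seq, w1, w2 = struct.unpack("!III", gre[off:off + 12])
    if w1 >> 28 != 1:
        raise ValueError("ERSPAN version field is not 1 (Type II)")
    inner = gre[off + 12:]  # the original mirrored Ethernet frame
    return {
        "gre_seq": seq,                     # gaps mean mirrored packets were lost
        "vlan": (w1 >> 16) & 0xFFF,         # VLAN of the mirrored frame
        "cos": (w1 >> 13) & 0x7,
        "truncated": bool((w1 >> 10) & 1),  # T bit: mirrored frame was truncated
        "session_id": w1 & 0x3FF,           # ERSPAN session on the source switch
        "index": w2 & 0xFFFFF,
        "dst_mac": inner[0:6].hex(":"),
        "src_mac": inner[6:12].hex(":"),
        "ethertype": struct.unpack("!H", inner[12:14])[0],
        "inner_frame": inner,
    }

# Constructed sample: GRE (S bit set, seq 7) + ERSPAN II (VLAN 100, session 5,
# index 3) wrapping a broadcast frame with ethertype 0x0806 from a made-up MAC.
SAMPLE = (
    struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN, 7)
    + struct.pack("!II", (1 << 28) | (100 << 16) | 5, 3)
    + bytes.fromhex("ffffffffffff" "020000000001" "0806")
    + b"\x00" * 28
)

if __name__ == "__main__":
    print(parse_erspan2(SAMPLE))
```

Tracking `gre_seq` per `session_id` on the collector shows when the mirror path is dropping packets, which matters before trusting a capture as complete.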
