[unisog] Remote sniffers- what do you use?

Russell Fulton r.fulton at auckland.ac.nz
Thu Mar 9 00:50:36 GMT 2006



David LaPorte wrote:
> I second the RSPAN solution.  We've been using it for several years and
> it's been a great troubleshooting tool.  If trunking VLANs all over your
> core is a problem, you might want to look at ERSPAN.  The hardware reqs
> are hefty (sup720, I believe), but it accomplishes effectively the same
> thing using GRE tunnels and without the risk of spanning tree loops
> (bugID CSCsa51770 for more info).
> 
I have a bunch of boxes (IBM X306) scattered around the campus located
next to core switches.  We use the Cisco spanning stuff to sniff all
traffic onto and off the backbone on one interface.  We have another
interface hooked up to the switch that we can span to anything we want
so the network techs can span any ports on the non-backbone side of the
switch to any port right out to the edge.  We don't use this very often
but it has been useful on occasions.

We run snort, argus, tcpdump, ethereal etc on the sensors.

Russell

