Techniques for passive traffic capturing

• Previous message (by thread): Australian Co-Lo
• Next message (by thread): Techniques for passive traffic capturing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello everyone,

Over the past two years, there's been a trend toward doing more and
more analysis and reporting based on passive traffic analysis.

We started out using SPAN sessions to produce an extra copy of all of
our transit links for these purposes.  But the Cisco limits of two
SPAN sessions per device (on our platforms) is a major limitation.

Does anyone have a better soultion for more flexible data collection?

I've been thinking about a move to a system based on optical taps of
each of the links.  I'd aggregate these links into something like a
3750 and use remote-span VLANs to pass the traffic onto servers that
sniffing on their interface on that 3750.  Do products like the
NetOptics Matrix Switches offer a substantial advantage?

Comments or suggestions?


-- 
Ross Vandegrift
ross at kallisti.us

"The good Christian should beware of mathematicians, and all those who
make empty prophecies. The danger already exists that the mathematicians
have made a covenant with the devil to darken the spirit and to confine
man in the bonds of Hell."
	--St. Augustine, De Genesi ad Litteram, Book II, xviii, 37

• Previous message (by thread): Australian Co-Lo
• Next message (by thread): Techniques for passive traffic capturing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]