What's the best way to wiretap a network?

• Previous message (by thread): What's the best way to wiretap a network?
• Next message (by thread): What's the best way to wiretap a network?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

	I'd have to say this depends on the media involved.

	ethernet switches allow the monitoring of specific ports (or entire
vlans) in most cases.  This can be done without impact (assuming nobody
goofs on the ethernet switch config) to other people and limit the scope
of packets inspected.

	Various vendors have their own monitoring solutions and port
replication features.  I seem to recall one customer of my employer
saying how much they enjoyed the ability to tcpdump/inspect traffic
on their Juniper routers.  (with regards to a DoS attack we were working
on tracking).

	- Jared

On Sat, Jan 17, 2004 at 09:08:22PM -0500, Sean Donelan wrote:
> Assuming lawful purposes, what is the best way to tap a network
> undetectable to the surveillance subject, not missing any
> relevant data, and not exposing the installer to undue risk?

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

• Previous message (by thread): What's the best way to wiretap a network?
• Next message (by thread): What's the best way to wiretap a network?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]