Techniques for passive traffic capturing

Justin Shore justin at justinshore.com
Tue Jun 24 09:42:33 CDT 2008


I stumbled across these last night.

http://www.dovebid.com/assets/display.asp?ItemID=cne11811

I don't know anything about them and haven't done any research.  The 
auction description would however lead me to believe that they might be 
useful in this case.  There are many of them listed in the main auction 
catalog.

Justin

Ross Vandegrift wrote:
> Hello everyone,
> 
> Over the past two years, there's been a trend toward doing more and
> more analysis and reporting based on passive traffic analysis.
> 
> We started out using SPAN sessions to produce an extra copy of all of
> our transit links for these purposes.  But the Cisco limits of two
> SPAN sessions per device (on our platforms) is a major limitation.
> 
> Does anyone have a better soultion for more flexible data collection?
> 
> I've been thinking about a move to a system based on optical taps of
> each of the links.  I'd aggregate these links into something like a
> 3750 and use remote-span VLANs to pass the traffic onto servers that
> sniffing on their interface on that 3750.  Do products like the
> NetOptics Matrix Switches offer a substantial advantage?
> 
> Comments or suggestions?
> 
> 




More information about the NANOG mailing list