Security Basics mailing list archives
RE: Port mirroring across multiple switches
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 4 Dec 2003 16:28:34 -0800
ARP queries are broadcast. You should be able to sniff them from any port on the right VLAN. Mirroring is only needed for unicast traffic. David Gillett
-----Original Message----- From: Hasnain Atique [mailto:hatique () hasnains com] Sent: December 4, 2003 02:23 To: security-basics () securityfocus com Subject: Port mirroring across multiple switches What's the best approach to port mirror traffic from multiple switches? Should I enable mirroring on one port of each switch, and then connect those ports to a hub and put my sniffer on the same hub? My ultimate objective is to collect ARP query information from all switches. Thanks. -- H -------------------------------------------------------------- ------------- -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Port mirroring across multiple switches Hasnain Atique (Dec 04)
- Re: Port mirroring across multiple switches Peter Schawacker (Dec 04)
- RE: Port mirroring across multiple switches Hasnain Atique (Dec 05)
- RE: Port mirroring across multiple switches David Gillett (Dec 05)
- RE: Port mirroring across multiple switches Hasnain Atique (Dec 05)
- RE: Port mirroring across multiple switches Tim (Dec 05)
- <Possible follow-ups>
- RE: Port mirroring across multiple switches Thomson, Stuart A. (Dec 05)
- RE: Port mirroring across multiple switches Hagen, Eric (Dec 05)
- Re: Port mirroring across multiple switches Peter Schawacker (Dec 04)