Security Basics mailing list archives
RE: Information on Bandwidth Issues
From: "Burton M. Strauss III" <Burton () FelisCatus org>
Date: Wed, 3 Nov 2004 08:01:36 -0600
IF the total traffic on your switch is less than the capacity of a single port, you can convince the 3Coms to yield up a single stream with what you want. Maybe.

Here's what I do. On my 3C1698x switches, I run three VLANs - RED (the inbound 'internet' - with as much external firewalling as you desire), YELLOW - the DMZ/WiFi zone and GREEN (the LAN).

I define a 'BLACK' port, which carries all of this between switches using 802.1q encapsulation. At the 2nd switch I then demultiplex it. This gives me the presence of all of the VLANs at both switches.

Using a passive Ethernet tap (http://www.snort.org shows how to build them), I can then feed this into ntop.

The one problem is that you will probably see duplicate traffic - once on the GREEN (LAN) and once (NATed) on the RED (internet).

-----Burton

-----Original Message-----
From: Keith Bucknall [mailto:keith.bucknall () zen co uk]
Sent: Tuesday, November 02, 2004 10:32 AM
To: 'Edgar Zapata'; 'Charles mckee'
Cc: security-basics () securityfocus com
Subject: RE: Information on Bandwidth Issues

Edgar

Thanks but I have 3com switches and not cisco?

Keith

-----Original Message-----
From: Edgar Zapata [mailto:ezapata () grupodetector com]
Sent: 02 November 2004 10:33
To: keith.bucknall () zen co uk; 'Charles mckee'
Cc: security-basics () securityfocus com
Subject: RE: Information on Bandwidth Issues

Check out this URL
http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a008007ebf9.html
as well as "port monitor" command.

This way you should be able to configure a single port on (at least the 2950) switch that would mirror all the traffic.....

That will do.

Sorry if I didn't take the time to look in deeper. I know this works.

Regards.

Edgar Zapata Lucas
Departamento Sistemas
DETECTOR, S.A.
Avda. Industria, 6
Edificio A, 3a planta
28108 Alcobendas - Madrid
Tlf: +34-91 490 30 30 - Directo: 91 490 38 80
Fax: +34 91 662 67 04
www.grupodetector.com
ezapata () grupodetector com
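
An added example, not part of the original messages: a small Python parser that splits frames captured from an 802.1q trunk (the 'BLACK' port in the top message) into per-VLAN byte totals, so the GREEN and RED copies of NATed traffic are counted separately instead of being summed twice. The VLAN IDs 10/20/30, the MAC addresses and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100
# Assumed VLAN IDs: the post names the zones but not their numbers.
ZONES = {10: "RED", 20: "YELLOW", 30: "GREEN"}

def parse_frame(frame):
    """Return (vlan_id or None, ethertype, payload) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype, frame[14:]          # untagged frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]          # low 12 bits = VLAN ID

def bytes_per_zone(frames):
    """Sum frame lengths per zone so each VLAN can be reported separately."""
    totals = Counter()
    for frame in frames:
        try:
            vid, _, _ = parse_frame(frame)
        except ValueError:
            totals["MALFORMED"] += len(frame)
            continue
        zone = "UNTAGGED" if vid is None else ZONES.get(vid, f"VLAN{vid}")
        totals[zone] += len(frame)
    return totals

def make_frame(vid, payload, pcp=0):
    """Build a constructed IPv4-typed frame; vid=None means untagged."""
    macs = bytes.fromhex("020000000001020000000002")  # constructed dst + src
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return macs + tag + struct.pack("!H", 0x0800) + payload

# Constructed sample: the same 100-byte payload crosses GREEN and then RED.
SAMPLE = [
    make_frame(30, b"\x00" * 100, pcp=5),   # GREEN copy, priority bits set
    make_frame(10, b"\x00" * 100),          # RED copy of the same traffic
    make_frame(20, b"\x00" * 60),           # YELLOW
    make_frame(None, b"\x00" * 50),         # untagged
    b"\x00" * 10,                           # truncated capture
]

if __name__ == "__main__":
    for zone, total in sorted(bytes_per_zone(SAMPLE).items()):
        print(f"{zone:10s} {total}")
```

Reporting internet-bound volume from one zone only (RED or GREEN, not their sum) avoids the double count described in the top message.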