Penetration Testing mailing list archives

Re: [PEN-TEST] ios/cisco packet sniffer...


From: James Mancini <jmancini () NETREO NET>
Date: Thu, 2 Nov 2000 09:02:15 -0800

I'm not sure if this is relevant but if the question is how to Packet Sniff
in a Cisco routed switched environment then we always just dump all of our
traffic into a single 3548. Then we build VLANs for everything, then output
each port to a SPAN port then dump all those SPAN ports to a hub which
forwards everything to a router that points to our back-office via a Point
to Point. Seems to work really well.

The issue here would be one of bandwidth; on a really busy network you're
going to be dropping 99%+ of the traffic, and your captures won't be very
representative, unless you only need to do "statistical sampling" of the
data and not any in-depth troubleshooting. I prefer remote sniffing
capability using SPAN and ESPAN to tunnel the data to a local device. Still
not perfect, but you can usually achieve 80-95% capture rates if your
sniffer is fast enough.

