tcpdump mailing list archives

Re: sniffing HTTP traffic to load-balancer on a


From: Andrej van der Zee <andrejvanderzee () gmail com>
Date: Tue, 2 Nov 2010 16:05:09 +0900

Hi,

Thanks for your emails.

I am not sure of the type of switch, but I am going to try to find out.
It will take some time though.

The idea is to sniff all incoming/outgoing traffic on the WAN side of
the load-balancer, I mean all external traffic of users that visit the
web site hosted through the load-balancer. Does this change anything
regarding the use of "port mirroring"?

Cheers,
Andrej



On Tue, Nov 2, 2010 at 3:44 PM, Guy Harris <guy () alum mit edu> wrote:

On Nov 1, 2010, at 8:57 PM, Andrej van der Zee wrote:

Hi,

I am looking for a solution that sniffs all HTTP traffic to the
load-balancer in a multi-tier web application, but WITHOUT starting
tcpdump on the load-balancer itself.

Does the load balancer support some form of "mirror port"?

If so, you might be able to capture on that (although that port would have to support the *total* aggregate traffic through the load balancer...).

If not, is there only one network feeding into the load balancer?

       If so, can you capture on that network with, for example, some sort of tap?

       If not, you presumably can't do this with a single tap, as you'd either have to tap on all the networks going *into* the load balancer or *out of* the load balancer.  You might try running multiple captures and merging them.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.




-- 
Andrej van der Zee
Koenji-minami 2-40-19A
Suginami-ku, Tokyo
166-0003 JAPAN
Mobile: +81-(0)80-65251092
Phone/Fax: +81-(0)3-3318-3155
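
The "running multiple captures and merging them" suggestion in the quoted reply, as an added example that is not part of the original thread: a timestamp-ordered merge of per-tap capture files. It assumes classic pcap files (not pcapng), one link type across all taps, and capture hosts with synchronized clocks; the function names are this example's own.

```python
import heapq
import io
import struct

# On-disk magic -> (struct byte order, timestamp fraction units per second)
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
          b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9)}

def open_pcap(stream):
    """Return (linktype, snaplen, iterator of (ts_ns, orig_len, data)) for a classic pcap."""
    hdr = stream.read(24)
    if len(hdr) < 24 or hdr[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    order, frac = MAGICS[hdr[:4]]
    snaplen, linktype = struct.unpack(order + "II", hdr[16:24])
    def records():
        while True:
            rec_hdr = stream.read(16)
            if len(rec_hdr) < 16:
                return                      # end of file
            sec, sub, incl, orig = struct.unpack(order + "IIII", rec_hdr)
            data = stream.read(incl)
            if len(data) < incl:
                return                      # capture cut off mid-packet: drop the partial record
            yield sec * 10**9 + sub * (10**9 // frac), orig, data
    return linktype, snaplen, records()

def merge_pcaps(inputs, out):
    """Write all packets from `inputs` to `out` (nanosecond pcap) in timestamp order."""
    opened = [open_pcap(s) for s in inputs]
    linktypes = {lt for lt, _, _ in opened}
    if len(linktypes) != 1:                 # classic pcap has one link type per file
        raise ValueError("captures use different link types: %s" % sorted(linktypes))
    snaplen = max(sl for _, sl, _ in opened)
    out.write(struct.pack("<IHHiIII", 0xA1B23C4D, 2, 4, 0, 0, snaplen, linktypes.pop()))
    n = 0
    # heapq.merge relies on each input already being time-ordered, as one capture normally is.
    merged = heapq.merge(*(r for _, _, r in opened), key=lambda rec: rec[0])
    for n, (ts, orig, data) in enumerate(merged, 1):
        out.write(struct.pack("<IIII", ts // 10**9, ts % 10**9, len(data), orig) + data)
    return n                                # number of packets written

def sample_capture(packets, linktype=1):
    """Constructed test input: microsecond pcap from (sec, usec, payload) tuples."""
    body = b"".join(struct.pack("<IIII", s, u, len(p), len(p)) + p for s, u, p in packets)
    return io.BytesIO(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype) + body)

if __name__ == "__main__":
    tap_a = sample_capture([(100, 0, b"req-1"), (100, 500000, b"req-3")])
    tap_b = sample_capture([(100, 250000, b"rsp-2")])
    print(merge_pcaps([tap_a, tap_b], io.BytesIO()), "packets merged")
```
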