RE: Port mirroring across multiple switches

["Hasnain Atique" <hatique () hasnains com>]

Collecting ARP is only one of my goals. Eventually, I need to be able to
sniff on all. 


> -----Original Message-----
> From: David Gillett [mailto:gillettdavid () fhda edu] 
> Sent: Friday, December 05, 2003 8:29 AM
> To: 'Hasnain Atique'; security-basics () securityfocus com
> Subject: RE: Port mirroring across multiple switches
>
>
>   ARP queries are broadcast.  You should be able to sniff 
> them from any port on the right VLAN.  Mirroring is only needed for 
> unicast traffic.
>
> David Gillett
>
>
> > -----Original Message-----
> > From: Hasnain Atique [mailto:hatique () hasnains com]
> > Sent: December 4, 2003 02:23
> > To: security-basics () securityfocus com
> > Subject: Port mirroring across multiple switches
> >
> >
> >
> > What's the best approach to port mirror traffic from multiple
> > switches?
> > Should I enable mirroring on one port of each switch, and 
> then connect
> > those ports to a hub and put my sniffer on the same hub? 
> >
> > My ultimate objective is to collect ARP query information from all 
> > switches.
> >
> > Thanks.
> >
> > -- H
> >
> >
> > --------------------------------------------------------------
> > -------------
> > --------------------------------------------------------------
> > --------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------