Firewall Wizards mailing list archives
RE: RE: Sniffing out a firewall problem
From: "Chiman" <chiman () hawaiian net>
Date: Mon, 5 Nov 2001 12:58:13 -1000
Just a few points to consider in this, some will be obvious to a lot of folks.

1.) In a switched environment, remember that a device on a single port won't see broadcast packets on another port.

2.) Someone mentioned looking at switch for colls, routers can also collect logs, on the "backbone", but be careful not to turn on too much logging, and killing the performance of the router.

3.) Lastly, remember that when snooping from a unix box you won't see errs or outflowing traffic that *that* device (the one doing the snooping) is creating. snoop(1M), at least, looks outward.

-----Original Message-----
From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com] On Behalf Of Robert McMahon
Sent: Sunday, November 04, 2001 8:09 AM
To: Ryan Russell; Peter Lukas
Cc: ayoung () veros com; firewall-wizards () nfr com
Subject: RE: [fw-wiz] RE: Sniffing out a firewall problem

Related to this is that hubs (which by their nature share a collision domain) operate at only half-duplex. I agree with Ryan, in that you have to compare with total traffic. I used to raise a flag (and look at segmenting) when collision rate > 3-5 % in the days I used to run a hub architecture. I recall an O'Reilly book on "performance tuning" (has a swordfish on cover), which is a great book that addresses these concerns.

Switches are not subject to having "polite" conversations, therefore, can listen and receive at same time - full duplex.

/rm

-----Original Message-----
From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com] On Behalf Of Ryan Russell
Sent: Saturday, November 03, 2001 8:39 PM
To: Peter Lukas
Cc: ayoung () veros com; firewall-wizards () nfr com
Subject: Re: [fw-wiz] RE: Sniffing out a firewall problem

On Sat, 3 Nov 2001, Peter Lukas wrote:
You'll get some pretty useful stats. Typically, any system with Ierrs, Oerrs or Collis will be experiencing a problem. Check cables, duplex settings and of course, the card/switch port itself.
Please be careful about making blanket statements about collisions automatically meaning problems. On any connection that is supposed to be half-duplex Ethernet-style, collisions are perfectly normal, and you have to measure collisions against total traffic to even have a rudimentary problem measurement.

Sorry, it's a pet peeve of mine. When I used to be primarily a network engineer, I would have systems administrators come to me and report that the system was reporting collisions, please fix the network. I'd reply that it was running half-duplex. <blank stare>

Ryan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
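The rate-based reading discussed in this thread (collisions measured against traffic, with the 3-5 % figure as the flag level), as an added example that is not part of any poster's message. It assumes Solaris-style `netstat -i` columns (Ipkts and Opkts are assumed alongside the Ierrs, Oerrs and Collis named above), takes collisions as a percentage of output packets, and uses constructed interface names and counters.

```python
# Added example: read `netstat -i` counters as rates, not raw counts.
# Constructed sample output (Solaris-style columns assumed); not from a real host.
SAMPLE = """\
Name  Mtu  Net/Dest  Address   Ipkts    Ierrs Opkts   Oerrs Collis Queue
lo0   8232 loopback  localhost 77814    0     77814   0     0      0
hme0  1500 fw-int    fw-int    1200000  0     800000  0     32000  0
hme1  1500 fw-dmz    fw-dmz    950000   0     500000  0     40000  0
qfe0  1500 fw-ext    fw-ext    400000   1200  300000  0     150    0
"""

COUNTERS = ("Ipkts", "Ierrs", "Opkts", "Oerrs", "Collis")


def parse_netstat_i(text):
    """Return {interface: {counter: int}}, locating columns via the header row."""
    lines = [line.split() for line in text.splitlines() if line.strip()]
    header, rows = lines[0], lines[1:]
    idx = {name: header.index(name) for name in COUNTERS}
    stats = {}
    for row in rows:
        if len(row) != len(header):
            continue  # skip rows with missing fields
        stats[row[0]] = {name: int(row[i]) for name, i in idx.items()}
    return stats


def pct(part, total):
    """Percentage of part in total; 0.0 for an idle interface."""
    return 0.0 if total == 0 else 100.0 * part / total


def assess(stats, full_duplex=(), collision_pct=5.0):
    """Return {interface: [notes]}; collision_pct is the half-duplex flag level."""
    findings = {}
    for ifname, c in stats.items():
        notes = []
        coll = pct(c["Collis"], c["Opkts"])
        if ifname in full_duplex and c["Collis"] > 0:
            # Full duplex should never count collisions at all.
            notes.append("collisions on a full-duplex link: check duplex settings")
        elif coll > collision_pct:
            notes.append(f"collision rate {coll:.1f}% of output packets")
        if c["Ierrs"]:
            notes.append(f"input errors {pct(c['Ierrs'], c['Ipkts']):.2f}% of input packets")
        if c["Oerrs"]:
            notes.append(f"output errors {pct(c['Oerrs'], c['Opkts']):.2f}% of output packets")
        findings[ifname] = notes
    return findings


if __name__ == "__main__":
    for name, notes in assess(parse_netstat_i(SAMPLE), full_duplex={"qfe0"}).items():
        print(name, "; ".join(notes) or "ok")
```

The counters are totals since boot, so comparing two samples taken a known interval apart gives the current rate rather than the lifetime average.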