[rescue] Jeez!!! Are ethernet taps are a racket business?
Daniel de Young
daniel at velvetsea.com
Wed Jul 30 20:52:04 CDT 2003
On Wed, 2003-07-30 at 18:15, Curtis H. Wilbar Jr. wrote:
> Depending on your network, many intelligent hubs can have a port set
> for monitoring network traffic. Sometimes the port is no longer good
> for actuall communication, only sniffing... and of course if you have
> more network packets that can flow down that monitoring line, then some
> will get dropped.....
>
> I believe many Cisco's can do this....
It's called port spanning and I believe it's still limited to a single
VLAN. I've used it on jobs before, but I'm doing some experimenting
with IDS and honeynets (among other stuff) and I have to use equipment
that I can cobble together <grin>.
In other words... several Cisco switches are OUT!
I'll prolly hit up the focus-ids list, but most everybody on there is
well funded and will not have "cobbled" anything together.
Thanks tho,
-Daniel
More information about the rescue
mailing list