North American Network Operators Group
Re: What's the best way to wiretap a network?
We've been using Shomiti taps for several years with good effect. All they do is copy all the data going through a segment (100bT in our case) to two ports, one for inbound, another for outbound. Now Finisar, they sell both copper and fiber taps for a variety of media, including Ethernet from 10Mbps to 10Gbps. They have been rock-solid, never missing a packet, and isolate the sniffer from the rest of the network. Of course, you then need to choose a packet analyzer/IDS to use with the tap.

Doug

On Sat, 17 Jan 2004, Jared Mauch wrote:

>
> I'd have to say this depends on the media involved.
>
> ethernet switches allow the monitoring of specific ports (or entire
> vlans) in most cases. This can be done without impact (assuming nobody
> goofs on the ethernet switch config) to other people and limit the scope
> of packets inspected.
>
> Various vendors have their own monitoring solutions and port
> replication features. I seem to recall one customer of my employer
> saying how much they enjoyed the ability to tcpdump/inspect traffic
> on their Juniper routers. (with regards to a DoS attack we were working
> on tracking).
>
> - Jared
>
> On Sat, Jan 17, 2004 at 09:08:22PM -0500, Sean Donelan wrote:
> > Assuming lawful purposes, what is the best way to tap a network
> > undetectable to the surveillance subject, not missing any
> > relevant data, and not exposing the installer to undue risk?
>
> --
> Jared Mauch | pgp key available via finger from email@example.com
> clue++; | http://puck.nether.net/~jared/ My statements are only mine.
>