|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Jean-Francois Dive (jef_at_linuxbe.org)
Date: Tue Oct 01 2002 - 17:34:27 CDT
Hub: the most easy bit, but does not fit in most environement due to the
lack of hub , adding one beeing somehow seen as a problem (hardware
quality, etc..etc..).
Tap: An easy way to the do, but may be expensive in certain case and may
need a shutdown of the network when setting up and is not very easy to
move, change the traffic beeing monitored.
SpanPort: clearly the most easy and flexible solution, but need to be
used smoothly as it could kill your switch.It however give you the great
possibility to change the traffic beeing monitored.
(tip: on a cisco catalyst, use spanport and set the port as a trunk: you
have the vlan tags on the packet as well, which is cool for traffic
repartition and analysis, this at least used to work on a 5500 when i
tested it a year ago).
Jochen Vogel wrote:
> hi,
>
> what are the pros and cons between capturing on an Hub, Tap or SpanPort?
>
> thx for infos
> Jo
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]