n0x Posted February 22, 2008 Posted February 22, 2008 Cisco Catalyst Switches have a functionality that allows you to span a port for Packet Analysis. See this article for more info: http://www.cisco.com/warp/public/473/41.html Does any one know if there is a Linux application that can duplicate this technology? My goal is to have an in-line device with with two network interfaces that can do port spanning. Quote
Sparda Posted February 22, 2008 Posted February 22, 2008 You could do it with a computer that has three network cards. Bridge two the network cards so they are seamlessly, then route all in bound traffic on the two ports to the third network card, all inbound traffic on the third card should have no route ('null routed'). A WRT can't do this as it only has two network adapters. You need some thing with three network adapters. Perhaps one of those NAS devices that you can install Linux on, plug two additional NIC's in to to it's USB ports. Quote
n0x Posted February 22, 2008 Author Posted February 22, 2008 Thanks Sparda- Question #2- Would I still need 3 Interfaces if the device itself is doing the sniffing? Quote
Sparda Posted February 22, 2008 Posted February 22, 2008 Nope. In this instance you could use a wrt. Quote
3xtr3m31 Posted July 27, 2008 Posted July 27, 2008 I know this may be reaching into the past but, a hub is what you are looking for. A hub is often used because switches used to only have one span port. Quote
Sparda Posted July 27, 2008 Posted July 27, 2008 I know this may be reaching into the past but, a hub is what you are looking for. A hub is often used because switches used to only have one span port. A hub isn't quite right. A hub would be noticeable if you where trying to be stealthy about it (for what ever reason). Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.