RE: port mirroring for two targets

If u r sniffing a gigabit network the hub option won't be of much use.
Depending on the switch you are using you may be able to configure two
or more ports to monitor 1 port. The best solution would be a
regenerative tap though. Hope that helps :)

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Stephane Boulet
Sent: Wednesday, July 18, 2007 4:31 PM
To: focus-ids@xxxxxxxxxxxxxxxxx
Subject: RE: port mirroring for two targets

Plug in a plain old Hub... It will create as many mirrored port as you
want
:)


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On
Behalf Of JGolian@xxxxxxxxx
Sent: 18 juillet 2007 07:41
To: focus-ids@xxxxxxxxxxxxxxxxx
Subject: port mirroring for two targets

I need port mirrored data for snort and for ntop.

How to make it? Is possible to create two mirroring ports?

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=in
tro_sfw
to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

Relevant Pages

  • Re: hub vs switch
    ... monitor the transfer. ... you can get a switch with "port mirroring" ... mirroring" capability. ...
    (comp.os.linux.networking)
  • Re: hub vs switch
    ... monitor the transfer. ... you can get a switch with "port mirroring" ... mirroring" capability. ...
    (comp.os.linux.networking)
  • RE: Network not accessible!!?
    ... So I would say you have some sort of port mirroring on the ... on the switch lately. ... the internet on either one of the two other PC's (named ...
    (microsoft.public.windowsxp.network_web)
  • RE: Multiple port mirroring?
    ... Subject: Multiple port mirroring? ... a mirror of all the traffic traversing the switch). ...
    (Security-Basics)
  • Re: Tracking back internal incidents to users, not IPs
    ... The problem with shutting down the port is that the user is likely to move to another port, and then you have to wait for his machine to start doing Bad Things again, and then shut him down yet again, and then when someone else plugs into the shutdown port, there's a trouble-ticket generated. ... compares the MAC address to the switch's MAC table, ... Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. ...
    (Focus-IDS)