RE: MailCensor 3.0 and a HP Procurve2524

From: Åsmund Myklevoll (aasmund@msn.com)
Date: 06/17/02 

From: "Åsmund Myklevoll" <aasmund@msn.com>
To: johnd@bestpricecruises.com, security-basics@security-focus.com
Date: Mon, 17 Jun 2002 10:26:12 +0200

Hi John

What you are looking for is a "monitor" (HP hardware) or "span" (Cisco
hardware) port on the switch. This will copy all traffic on all ports to
this port so you can sniff it. Check your documentation to check if your
switch has this functionality. If not you can use a hub at the exit point of
the lan to sniff that traffic.

I have no knowledge about how MailCensor 3.0 works, but if it just sniffs
the packets of the wire it should work fine.

As to performance issues on the LAN -> WAN connection with a hub in place,
you will just have to try and see. It all really depends on the intensity of
the traffic. If the server running MailCensor 3.0 can't keep up (the traffic
is too heavy for it, and it starts dropping packets), it won't affect the
traffic to the WAN anyway.

Hope my rambeling answer helps :)

Regards

Aasmund

-----Original Message-----
From: John D from Best Price Cruises [mailto:johnd@bestpricecruises.com]
Sent: 14. juni 2002 17:20
To: Security-Basics Mail List
Subject: MailCensor 3.0 and a HP Procurve2524

My bosses have decided that they want to audit email use by the employees
with out using any software on the users computer. I found MailCensor 3
which lets me capture emails being sent across the lan, but because we
upgraded our old collection of hubs to a couple of HP Procurve 2524
switches, I can no longer capture the email packets being sent by the user's
workstation (Im going out on a limb assuming this is how mailcensor works)
with out having to physically re-route their connection through a hub that
has the computer running MailCensor 3 attached to it. While there is no
major hit to the performance of the users network connection, but if I
start adding more users to the hub their performance suffers greatly. I was
wondering if there is a way to "tell" the HP Switch to broadcast all the
packets sent through it not only to their destination, but also to the port
with the machine running MailCenter 3. (Im sorry in advance if this is a
stupid question, I don't know much about network hardware, but since you
guys have been helpful in the past I figured that you would be able to
either point me in the right direction or smack me in the back of the head
for being stupid)

Thanks in Advance
John
Technical Staff
Best Price Cruises
johnd@bestpricecruises.com

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

Relevant Pages

  • Re: Why has my local Ethernet packed up?
    ... gigabit hub and they do seem happy with it. ... I've also got a gigabit switch and a 10/100 hub (both unmanaged Netgear ... I got some new Ethernet cables. ... The port lights on the Gb switch are `on' where there is a cable running ...
    (uk.comp.sys.mac)
  • Re: Ethernet Hub question
    ... >> server I was thinking about getting a hub. ... Simply connect the switch to the LAN port ... is that it auto-detects connection speed on every port. ...
    (alt.os.linux)
  • Re: Why was the hub faster than the switch?
    ... >>>hub, but you can't with a switch. ... > input port to output port. ...
    (comp.dcom.modems.cable)
  • Re: Strange network problem
    ... then connect the hub to the switch. ... directly and would eliminate any problems that a switch would cause. ... >response for a port, it doesn't go through. ...
    (microsoft.public.windows.server.networking)
  • Re: Cat 2924
    ... Copyright 1986-2004 by cisco Systems, ... BOX in both H/W and S/W, compared to a C2924-XL Switch... ... FastEthernet0/1 failed front-end loopback test ... to make the port configuration "visible", you need to apply 2 commands ...
    (comp.dcom.sys.cisco)