Security Basics mailing list archives
RE: SPAN Port
From: "Jeff Gercken" <JeffG () kizan com>
Date: Fri, 27 Jan 2006 10:29:26 -0500
It all depends on the switch you're using. The two basic parts of a SPAN session are the source and destination/monitor ports. Most switches only support 1 monitor port per SPAN session but the number of source ports one can listen to varies. You might also be able to SPAN an entire vlan (or more). RSPAN provides for sending to remote monitoring ports by pumping the mirrored traffic through a vlan. Care should be used not to saturate the available bandwidth with RSPAN. Out of band monitoring is a much safer approach. -Jeff -----Original Message----- From: elite.coder () ntlworld com [mailto:elite.coder () ntlworld com] Sent: Sunday, January 22, 2006 5:37 AM To: security-basics () securityfocus com Subject: SPAN Port Hello everyone, Just out of interest, would the SPAN port on a switch replicate traffic between the computers as well as the uplink port. Say if 192.168.0.39 talks to 192.168.0.38, will the SPAN port replicate the traffic between the two computers if they were on the same switch AND if they were on different switches? Thanks, Binks ------------------------------------------------------------------------ --- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --------------------- This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is intended for the addressee only. Any unauthorized disclosure, use, dissemination, copying, or distribution of this message or any of its attachments or the information contained in this e-mail, or the taking of any action based on it, is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail and delete this message. ------------------------------------------------------------------------ --- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- SPAN Port elite . coder (Jan 23)
- RE: SPAN Port David Gillett (Jan 24)
- <Possible follow-ups>
- Re: SPAN Port hytham . a (Jan 24)
- RE: SPAN Port Ganesh Iyyappan (IT) (Jan 24)
- RE: SPAN Port Jeff Gercken (Jan 27)