RE: SPAN Port

["Jeff Gercken" <JeffG () kizan com>]

It all depends on the switch you're using.  The two basic parts of a
SPAN session are the source and destination/monitor ports.  Most
switches only support 1 monitor port per SPAN session but the number of
source ports one can listen to varies.  You might also be able to SPAN
an entire vlan (or more).

RSPAN provides for sending to remote monitoring ports by pumping the
mirrored traffic through a vlan.  Care should be used not to saturate
the available bandwidth with RSPAN.  Out of band monitoring is a much
safer approach.

-Jeff


-----Original Message-----
From: elite.coder () ntlworld com [mailto:elite.coder () ntlworld com]

Sent: Sunday, January 22, 2006 5:37 AM
To: security-basics () securityfocus com
Subject: SPAN Port

Hello everyone,

Just out of interest, would the SPAN port on a switch replicate traffic
between the computers as well as the uplink port. Say if 192.168.0.39
talks to 192.168.0.38, will the SPAN port replicate the traffic between
the two computers if they were on the same switch AND if they were on
different switches?

Thanks,

Binks

------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
University program offers unparalleled Infosec management

education and the case study affords you unmatched consulting
experience.

Tailor your education to your own professional goals with degree

customizations including Emergency Management, Business Continuity
Planning,

Computer Emergency Response Teams, and Digital Investigations.


http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


------------------------------------------------------------------------
---------------------
This message, including any attachments, contains confidential
information intended for a specific individual and purpose, and is
intended for the addressee only. Any unauthorized disclosure, use,
dissemination, copying, or distribution of this message or any of its
attachments or the information contained in this e-mail, or the taking
of any action based on it, is strictly prohibited. If you are not the
intended recipient, please notify the sender immediately by return
e-mail and delete this message.

------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
University program offers unparalleled Infosec management education and
the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning, Computer Emergency Response Teams, and Digital Investigations.


http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------