[rescue] Jeez!!! Are ethernet taps are a racket business?

Mike Johnson mike at enoch.org
Wed Jul 30 21:44:35 CDT 2003

Daniel de Young [daniel at velvetsea.com] wrote:
> It's called port spanning and I believe it's still limited to a single
> VLAN.  I've used it on jobs before, but I'm doing some experimenting
> with IDS and honeynets (among other stuff) and I have to use equipment
> that I can cobble together <grin>.

Span ports, port mirroring, traffic monitoring.  It's got several names.
But depending on your switch, it's not limited to VLANs in any way,
shape, or form.  They can pick up traffic from one or more ports and
copy the traffic to another port, VLANs or no.
> In other words... several Cisco switches are OUT!

Bah.  Might be cheaper than $1500. ;)
> I'll prolly hit up the focus-ids list, but most everybody on there is
> well funded and will not have "cobbled" anything together.

You'll find a mix, but a lot of people will direct you to those nasty
cables, which I hate.

