 smunro622Premium
join:2006-02-15
Madison Heights, MI | Span ports does anyone know if you can do port mirroring on smoothwall, untangle, pfsense or astaro.
I have a sonicwall tz200 that cant do this and i do not want to throw a hub inline to get this traffic.
I have a linksys srw2024 but it is not really doing a good job of it... |
|
BinkVillains... knock off all that evil
join:2006-05-14
Denver, CO
kudos:4 | Usually this is a feature of your switch… |
|
smunro622Premium
join:2006-02-15
Madison Heights, MI | reply to smunro622
agreed... the switch i have is doing a crappy job, i this is why i am asking here... the switch i have is a linksys srw2024 and it does port mirroring very poorly. With the holidays i dont want to spend money on a new switch right now.. |
|
 BranoI hate VogonsPremium,MVM
join:2002-06-25
Burlington, ON
kudos:6 | The mirroring needs to be done on HW level otherwise it will be slow and crappy. What I'm trying to say, if smoothwall, untangle, pfsense or astaro can do this it will be SW mirroring and thus slow.
Managed switch is your best bet. |
|
| reply to smunro622
Probably all of those firewalls include tcpdump; pfsense does for sure. However the firewall only sees the frames that arrive there, not the unicast stuff within the segment, hence the recommendation for a hub or switch.
--
db |
|
| reply to smunro622
I would Highly recommend a 4 port hub to do that job @ a cheap cost. |
|
smunro622Premium
join:2006-02-15
Madison Heights, MI | reply to smunro622
yeah i know that is what i was trying to avoid...i have a old linksys 5 port 10/100 hub, not that that it is going to kill me cable connection so i wasnt to worried just looking for something a little bit more proper. |
|
BranoI hate VogonsPremium,MVM
join:2002-06-25
Burlington, ON
kudos:6 | Check this other thread, we've just discussed some options for managed switches that can do this and are not expensive »Re: Rogue/faulty device eating all bandwidth. Need to find it. |
|
smunro622Premium
join:2006-02-15
Madison Heights, MI | reply to smunro622
i want to do a SG300-28 (SRW2024-K9-NA) Managed Switch it is about $600. |
|
BranoI hate VogonsPremium,MVM
join:2002-06-25
Burlington, ON
kudos:6 | That is certainly an option that will work  |
|
smunro622Premium
join:2006-02-15
Madison Heights, MI | reply to smunro622
no matter what i have tried it just wont work is th frustrating part,
port 24 is setup as my source port and 23 is the target, i am doing both rx and tx. they now longer do firmware for this as i am on version 1.2.2b and the product is no longer made... |
|
|
|
BranoI hate VogonsPremium,MVM
join:2002-06-25
Burlington, ON
kudos:6 Reviews:
 ·Bell Fibe
| On switches I've seen the mirroring will stop if your connecting computer starts any transmission. So I have 2nd NIC in my monitoring PC connected to monitoring port. That NIC doesn't have any IP assigned just to be sure it does not start transmit/broadacast anything. Sniffing works great then. |
|
smunro622Premium
join:2006-02-15
Madison Heights, MI | reply to smunro622
i am moving the app from vmware workstation to a ESXI box, turning on promiscuous mode on the vswitch lets see if this makes a difference. |
|
| reply to smunro622
said by smunro622:With the holidays i dont want to spend money on a new switch right now..
This for personal or for business, smunro622? Should be able to pick up a 2nd hand IOS-based 2950 24porter
for less than $100USD these days, if that. Then a quick two line config change to set up a SPAN src and destination,
and you're off to the races.
Just my 00000010bits
Regards |
|
