""Dave C."" wrote in message ... > I know there is an extensive difference in price (Etherpeek NX is somewhere > around $2000-2500 range, and Sniffer Portable (Pro) is somewhere greater > than $10,000. For a small growing company, it is hard to justify over > $10,000 for a piece of software, when I can get something comparable for > much less, especially when we are in a time where we have to justify our jobs.
I think I've posted this before.....(*sigh*) There are two types of worthwhile packet capture software: 1) free Unix-based 2) commerical Unix-based For option 1, you have tcpdump, Ethereal, snort, and NTOP. Download them. Run them on something cheap like a 1U rackmount server (~$500). Make sure you have at least two NIC ports (#1 for SSH, #2 for capture). For option 2, you have Niksun's NetVCR product for Layers 2-4 and Unispeed's Netlogger product for Layers 5-7. There are two types of packet capture infrastructure: 1) Taps 2) SPAN's, mirror-ports, etc For taps, I recommend Finisar (good equipment for SAN stuff, too), or Netoptics. For SPAN ports, I highly recommend putting a Cisco Cat6k with a PFC card in every switch closet, data center, and anywhere an Ethernet cable plugs into.... that way you can take advantage of RSPAN (and soon to be released ERSPAN on the Sup720 modules)... This document explains how to do anything you want with RSPAN: http://www.cisco.com/en/US/products/hw/switches/ps708/products_data_sheet091 86a008017b753.html -dre Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72353&t=72346 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]