If I understand you correctly that will certainly work as well. I do however try avoid connecting a "cheap" hub inline with a critical device simply so I can get visibility to the traffic. It introduces another point of failure and I have enough already. In certain circumstances it could be argued purpose built network taps are a better solution than SPANing or netflow, but that's a case by case basis. Typically these fail open as well - whereas all traffic is passed. Not as much chance of failure as a hub and everything still works if it does fail - in theory.
Gary >>> [EMAIL PROTECTED] 9/29/2006 10:59 PM >>> On 09/28/06 12:50, Brian Loe published: > On 9/28/06, Gary Gatten <[EMAIL PROTECTED]> wrote: > >> Netflow works pretty good for me. If you have core routers you can >> enable it there - don't have to enable it on every remote. If you >> choose to however, it will work. the netflow streams are routable so >> the flow receiver(s) can be anywhere. You won't get as much detail as >> you would capturing real packets, but fi you don't need that detail it's >> far easier to configure all around - and WAY fewer resources. > > So if you want a lot of detail, do you plug it into a switch on the > same network as the router and configure the router to send to it - or > do you configure a SPAN port for the router's inside interface? That, or you could plug it into a hub (probably with a Rx-only Ethernet cable) to capture all traffic going to and from one interface. -- Richard Kolkovich _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop =========================================================================== "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
