Traffic analysis on Cisco 35x0 switches
The task is to find an alternative to NetFlow for Cisco 3550, 3560 and similar L3 switches.
At the moment, the leading idea is port mirroring + Capsa.
Is there any better solution?
Thanks in advance.
Yes, nothing else really comes to mind...
It depends on what kind of analysis is needed. If you need to record the presence of packets known in advance, you can apply a permit ACL (if you know in advance that there will be very few packets, you can even try it with the "log" keyword, but it's better without it).
SPAN is rather resource-intensive; it is not suitable at all in case of an attack.
You can install a specialized TAP device (example) and send a copy of the traffic to any traffic analyzer (Fluke, for instance, also has software and hardware traffic analyzers, up to the application level) or to any NBA (network behavior analysis) system.
There is NBAR on Cisco, but it does not catch some of the traffic.