Re: Port mirroring detection

From: Michael Richardson (mcr@sandelman.ottawa.on.ca)
Date: Tue Dec 14 2004 - 21:45:00 EST


>>>>> "John" == John Madden <chiwawa999@yahoo.com> writes:
    John> More of a suspicion...

    John> I've asked the question to our administrators but
    John> let's just say I want to check for myself.

  How many ports can you control?

  On a system with a suspected span port, turn on promisc.
  Send a packet with the wrong MAC for the system, but layer-3 unicast
to that system. See if you get a response.

  If the system with the span port is trying to be stealthy (which
ultimately, can mean that the Tx pair is cut...) then you may be out of
luck.

  *SOME* switches will flow control the traffic if the mirror port is
going to overflow. So, if you have 4 additional ports, and you can set
up two full bandwidth streams between them, *AND* the switch does the
flow control you, then you may not see full bandwidth.
  (More likely in GigE)

- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
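
The wrong-MAC probe described in the message above, as an added example that is not part of the original post: it builds an ICMP echo request whose Ethernet destination is deliberately not the target's MAC while the IP destination is, and recognises a matching echo reply. All function names, the MAC and IP values (constructed, documentation range) and the choice of ICMP echo as the layer-3 unicast packet are assumptions.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def build_probe(src_mac, bogus_dst_mac, src_ip, dst_ip, ident=0x4D52, seq=1):
    """Ethernet + IPv4 + ICMP echo request: layer-2 destination is NOT the
    target's MAC, layer-3 destination is the target's IP."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + b"promisc-probe"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), ident, 0, 64,
                     socket.IPPROTO_ICMP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = mac_bytes(bogus_dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800)
    return eth + ip + icmp

def is_reply_to_probe(frame: bytes, target_ip: str, ident=0x4D52) -> bool:
    """True if a captured frame is an ICMP echo reply from target_ip with our id."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
        return False
    icmp = frame[14 + (frame[14] & 0x0F) * 4:]
    return (len(icmp) >= 8 and frame[26:30] == socket.inet_aton(target_ip)
            and icmp[0] == 0 and struct.unpack("!H", icmp[4:6])[0] == ident)

def send_probe(iface: str, frame: bytes) -> None:
    """Put the frame on the wire (Linux AF_PACKET, needs CAP_NET_RAW)."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((iface, 0))
        s.send(frame)

# Constructed sample values: locally administered MACs, RFC 5737 addresses.
OUR_MAC, BOGUS_MAC = "02:00:00:00:00:10", "02:de:ad:be:ef:01"
OUR_IP, TARGET_IP = "192.0.2.10", "192.0.2.20"
PROBE = build_probe(OUR_MAC, BOGUS_MAC, OUR_IP, TARGET_IP)
```

A reply suggests the target's interface accepted a frame not addressed to its own MAC; silence is inconclusive, since a receive-only monitor never answers and some IP stacks discard such frames themselves.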


