
Switches

Posted: Tue Mar 26, 2002 1:00 pm
by bluewhale
I'm about to replace our old Hubs/Switch with a single switch. I want to be able to 'mirror' all ports at once, to use a real time sniffer from WildPackets.
Most of the brand name vendors I contact ( well: their sales people ) have no idea what I'm talking about.
Does anybody have a recommendation which will fit the bill?


Tks

Paul

Posted: Tue Mar 26, 2002 10:15 pm
by Schwartz
How many computers, how much traffic, and what speed do you want? (guessing 100MBps) What kind of traffic do you want to sniff? I have never mirrored multiple ports, always a single port. I'm not even sure if you can mirror multiple ports. I guess if the mirrored port was in the same vlan as whatever other ports you would see the broadcast traffic and all that good stuff.

Posted: Tue Mar 26, 2002 10:23 pm
by bluewhale
In this office perhaps 30 PCs. One switch.
Not planning on implementing VLANs at all: from what I saw/did/read in the CCNA course, VLANs are nice when you have a busy environment, but I can't see it doing much good in a setting with one primary file server and a few peripheral servers.

Do you use anything to see who is running around your LAN? One thing I like about Etherpeek and similar Linux offerings is that you can see who is going where, what resources they are accessing or trying to get to.
I guess the primary reason I want the capability is to be able to determine where local slowdowns are originating when they occur. If I can ensure our local network is clean I can bitch & moan at XO with a clear conscience.

:D

Posted: Tue Mar 26, 2002 11:22 pm
by Schwartz
I don't have a single LAN per se, it's more like a large beast and stretches from coast to coast. ;)

I don't monitor an individual's specific traffic, I look more at broadcast and amounts of traffic when I do look at that type of thing. TCPDump is cool. It looks like you could mirror the whole VLAN to a port; you are always going to have VLAN 1. Performance impact will depend on the switch you have.

Good Read if you end up dealing with Cisco --> http://www.cisco.com/warp/public/473/41.html

I don't know how much stuff costs, I could find out but I don't really pay attention, we just get stuff. How much do you have to spend? Looking to buy new or used? Are you looking for vendor support? My main experience is with Cisco 2000, 5000, and 6000 series and Cabletron SSR switches with a little Fore/Marconi thrown in.

With that said, a 2948GL3 is pretty cool. It switches and routes, but you're not using VLANs. You could get one and say it's for "Future Growth". :) Maybe a couple 2924s would work. I hear 5505s are getting cheaper too. A Cabletron SSR 3000 would work too and I think they can be found cheaper nowadays. I dunno, it's hard, not knowing everything, to say this or that is for you.

Posted: Wed Mar 27, 2002 1:47 am
by bluewhale
We really don't use a budget either: that's how I got the Canon 1150 w/EDOX print server :D
I can get a good switch for around $700 or so, 24 port. I want to be able to detect intrusions as they occur, be alerted to traffic flooding some part of the LAN/WAN thus causing noticeable slowdowns, and monitor a specific user if the need arises. I guess I simply haven't asked enough questions of WildPackets or the other vendors who sell these products to make sure it will do what I think I want plus other cool stuff :)
Cisco generally runs a bit much for a simple switch. Even the Linksys types have management features, I think, which can help in routing, securing access, etc.
Hmmm: this reminds me... we should be leaving XO in half a year ( many, many, many outages on our primary T1... like 20+ in the last 6-8 months ). If we go with another vendor I may be able to snag the 2500 series router we bought two years ago and take it home to play with :+
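Schwartz's note above about looking at broadcast levels and amounts of traffic, and the list just given of what the sniffer is for (finding who is causing a slowdown, catching a flood, watching one user), amount to a small triage routine on whatever comes off the mirror port. Here is that routine as an added example; it is not code from either poster, from WildPackets or from any switch vendor. It assumes a capture tool on the mirror port prints one line per frame in a simplified tcpdump -n style, and the sample lines, addresses and the "file server" / "copying PC" / "ARP sweeper" roles are all constructed for the example.

```python
"""Added example: triage of traffic seen on a switch mirror (SPAN) port.

With the whole VLAN mirrored to one port, a sniffer on that port sees every
frame on the LAN.  Three questions from the thread: who is sending the most
(slowdowns), is something flooding broadcasts, and what is one host talking
to.  Input lines are constructed in a simplified tcpdump -n style; they are
not a real capture, and real tcpdump output has more line types than this.
"""
import re
from collections import Counter

# Constructed sample (hypothetical addresses): 10.0.0.1 plays the file server,
# 10.0.0.5 a PC doing a large copy, 10.0.0.7 a PC sweeping the subnet with ARP.
SAMPLE = [
    "12:00:00.10 IP 10.0.0.5.1033 > 10.0.0.1.445: Flags [P.], length 1460",
    "12:00:00.20 IP 10.0.0.1.445 > 10.0.0.5.1033: Flags [.], length 0",
    "12:00:00.30 IP 10.0.0.5.1033 > 10.0.0.1.445: Flags [P.], length 1460",
    "12:00:00.40 IP 10.0.0.12.1050 > 10.0.0.2.25: Flags [P.], length 512",
    "12:00:00.60 IP 10.0.0.1.445 > 10.0.0.12.1061: Flags [P.], length 300",
] + [
    "12:00:01.%02d ARP, Request who-has 10.0.0.%d tell 10.0.0.7, length 28"
    % (5 * i, 20 + i)
    for i in range(12)
] + [
    "12:00:01.70 IP 10.0.0.5.1033 > 10.0.0.1.445: Flags [P.], length 1000",
]

TS = r"(\d\d):(\d\d):(\d\d(?:\.\d+)?)"
IP = r"(\d+(?:\.\d+){3})"
IP_RE = re.compile(TS + r" IP " + IP + r"\.\d+ > " + IP + r"\.\d+:.* length (\d+)$")
ARP_RE = re.compile(TS + r" ARP, Request who-has " + IP + r" tell " + IP + r", length (\d+)$")


def _seconds(h, m, s):
    """Clock time to seconds since midnight, kept as float for sub-second stamps."""
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_line(line):
    """Return one record dict, or None for a line shape this parser does not know."""
    m = IP_RE.match(line)
    if m:
        h, mi, s, src, dst, length = m.groups()
        return {"t": _seconds(h, mi, s), "src": src, "dst": dst,
                "bytes": int(length), "broadcast": False}
    m = ARP_RE.match(line)
    if m:
        h, mi, s, target, sender, length = m.groups()
        # An ARP request goes to ff:ff:ff:ff:ff:ff, so every port on the VLAN sees it.
        return {"t": _seconds(h, mi, s), "src": sender, "dst": target,
                "bytes": int(length), "broadcast": True}
    return None


def parse(lines):
    return [r for r in map(parse_line, lines) if r is not None]


def top_talkers(records, n=3):
    """Bytes sent per source address, largest first: first place to look for a slowdown."""
    sent = Counter()
    for r in records:
        sent[r["src"]] += r["bytes"]
    return sent.most_common(n)


def broadcast_peaks(records, window=1.0, threshold=10):
    """Time windows whose broadcast count exceeds threshold, as (HH:MM:SS, count)."""
    per_window = Counter()
    for r in records:
        if r["broadcast"]:
            per_window[int(r["t"] // window) * window] += 1
    peaks = []
    for start in sorted(per_window):
        if per_window[start] > threshold:
            s = int(start)
            label = "%02d:%02d:%02d" % (s // 3600, s % 3600 // 60, s % 60)
            peaks.append((label, per_window[start]))
    return peaks


def peers_of(records, host):
    """Every address a given host exchanged frames with: who is going where."""
    peers = set()
    for r in records:
        if r["src"] == host:
            peers.add(r["dst"])
        elif r["dst"] == host:
            peers.add(r["src"])
    return sorted(peers)


if __name__ == "__main__":
    recs = parse(SAMPLE)
    print("top talkers:", top_talkers(recs))
    print("broadcast peaks:", broadcast_peaks(recs))
    print("peers of 10.0.0.12:", peers_of(recs, "10.0.0.12"))
    print("peers of 10.0.0.7:", peers_of(recs, "10.0.0.7"))
```

Two practical points for whichever switch gets bought. First, a single 100 Mb/s mirror destination cannot carry the combined traffic of 24 mirrored ports; when the VLAN is busy the switch drops frames on the monitor port, so counts from this kind of script are a lower bound during exactly the slowdowns you want to see. Second, the sniffer box on the mirror port should only listen (promiscuous mode, nothing of its own sent), since on most switches the destination port does not forward normal traffic anyway.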

Posted: Wed Mar 27, 2002 8:51 pm
by Gand1
Got another suggestion for ya...

Nortel BPS2000 switches. This is what we upgraded to on our campus. Even though they might be a bit of an overkill for you now, you might appreciate the scalability of them. We use multiple VLANs on our core switches with MLT and run spanning tree on all the outer switches. You should be able to easily mirror all the ports on these switches, if that's what you're looking for, but I think there is an easier way to sniff. If you want, I have about 200 document CDs and can spare one if you want to look at it. A program you might want to trial is called Chariot from NetIQ. The sales rep will give you a 3-5 day trial code for free, but a licence is going to cost you $15,000. Anyhow, this will do some nice bandwidth testing and stressing, simulating different apps from multiple locations.

Posted: Wed Mar 27, 2002 11:06 pm
by Schwartz
Well I think this thread proves one thing. Everyone is going to say something different, they will tend to go with what they know. It is going to be up to you to evaluate your options and figure out what is right for you. :)