
device/system selection

<<

Determ

Newbie

Posts: 23

Joined: Tue Jul 13, 2010 1:20 am

Post Thu Dec 15, 2011 8:09 am

device/system selection

What kind of device is best to use if I want to "duplicate" and transfer network traffic from one remote facility to another, where analysis will be done?

So I'm looking for the best "out-of-box" rack-cabinet appropriate device, sufficiently effective for being placed between a switch and a router.
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Thu Dec 15, 2011 9:18 am

Re: device/system selection

What kind of data are we talking about? Databases? Files? Or are you talking about replication at a lower level? Are you trying to de-dup before you transfer over the network?
<<

Darktaurus

Full Member

Posts: 181

Joined: Thu Sep 03, 2009 8:48 am

Post Thu Dec 15, 2011 10:55 am

Re: device/system selection

Wouldn't you just set up port mirroring and monitor everything from that port? You could set up an appliance or a computer with Wireshark, tcpdump, dsniff, etc., right?
OSCE, OSCP, OSWP, CISSP, GPEN

www.agoonie.com
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Thu Dec 15, 2011 10:57 am

Re: device/system selection

Good point, misread the question. Port mirroring over a WAN might be tough unless the bandwidth is significant.
<<

mambru

Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Thu Dec 15, 2011 11:11 am

Re: device/system selection

<<

Determ

Newbie

Posts: 23

Joined: Tue Jul 13, 2010 1:20 am

Post Fri Dec 16, 2011 10:30 am

Re: device/system selection

mambru wrote: Have you tried a tap?


Yes, inline aggregating tap with filter option is needed, but do I get a device with router capabilities. Traffic should be sent over WAN, but without intervention to existing (primary) router.
Last edited by Determ on Sat Dec 17, 2011 1:34 pm, edited 1 time in total.
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sat Dec 17, 2011 4:53 pm

Re: device/system selection

cd1zz wrote: Good point, misread the question. Port mirroring over a WAN might be tough unless the bandwidth is significant.


Not really. I used to work in a central data center for an auto company. All the plants had mini data centers, but they got all their data from the central location. We had Network General sniffers and 4 TB InfiniStreams attached to the network via SPAN ports off Cisco 6500s. The InfiniStreams rolled every 12 hours, and we never had complaints about performance.
OSWP, Sec+
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sat Dec 17, 2011 4:55 pm

Re: device/system selection

Determ wrote:
mambru wrote: Have you tried a tap?


Yes, inline aggregating tap with filter option is needed, but do I get a device with router capabilities. Traffic should be sent over WAN, but without intervention to existing (primary) router.


If I understand that right, you want the traffic needing to be watched to go out over the exiting WAN connection without going through the existing border router? Can you create down time to set things up?
OSWP, Sec+
<<

Determ

Newbie

Posts: 23

Joined: Tue Jul 13, 2010 1:20 am

Post Thu Dec 22, 2011 3:57 pm

Re: device/system selection

chrisj wrote: If I understand that right, you want the traffic needing to be watched to go out over the exiting WAN connection without going through the existing border router? Can you create down time to set things up?


Yes.

Also, I have time to set things up; it's not a continuous 24/7 process. For the beginning it would be OK if the device (tap) could have an option to save filtered traffic and send it via SMTP every X hours. That way the device could be plugged directly into the current switch. Of course, I don't know if I get such a smart tap device (having a laptop in the rack for that is not an option).
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Thu Dec 22, 2011 5:14 pm

Re: device/system selection

Maybe not having a laptop, but if you could drop a full size server, one that looks like it belonged maybe.

Actually I was thinking more along the lines of how I had something set up in the past. Had a facility in a rural area that could only get 1 DSL line. It was a PITA just to get that much. A partner company made a deal with a 3rd company who came in and set up gear.

I had to figure out how to have 2 secure networks separated on the same DSL line. Connection went DSL hand off (DSL modem with built-in firewall and router), Cisco PIX for one network, Linksys running DD-WRT for the other as their gateways, and then they did site-to-site VPN from those.

Was thinking maybe put an outer-edge device, then the border router, with your sniffer hooked into the outer edge device and the network with SPAN port. Lock it down tight with firewall rules.
OSWP, Sec+
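
The thread's two recurring concerns, WAN bandwidth for mirrored traffic and saving only filtered traffic to ship every X hours, come down to how much a capture shrinks before it leaves the site. This is an added example, not code from any poster: it filters a classic little-endian pcap to chosen TCP ports and truncates each packet to a snap length. The port (443), the 96-byte snap length, the function names and the sample capture are assumptions constructed for illustration.

```python
import struct

GLOBAL = struct.Struct("<IHHiIII")  # magic, version major/minor, zone, sigfigs, snaplen, linktype
RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, captured length, original length

def tcp_ports(frame):
    """(src, dst) ports of an untagged Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4          # skip the IPv4 header (IHL in 32-bit words)
    if len(frame) < l4 + 4:
        return None
    return struct.unpack_from("!HH", frame, l4)

def filter_pcap(data, keep_ports, snaplen=96):
    """Return (new_pcap, kept, total): only TCP packets on keep_ports, cut to snaplen."""
    magic, vmaj, vmin, zone, sig, _, link = GLOBAL.unpack_from(data, 0)
    if magic != 0xA1B2C3D4 or link != 1:
        raise ValueError("expected a little-endian Ethernet pcap")
    out = [GLOBAL.pack(magic, vmaj, vmin, zone, sig, snaplen, link)]
    off, kept, total = GLOBAL.size, 0, 0
    while off + RECORD.size <= len(data):
        sec, usec, incl, orig = RECORD.unpack_from(data, off)
        frame = data[off + RECORD.size: off + RECORD.size + incl]
        off, total = off + RECORD.size + incl, total + 1
        ports = tcp_ports(frame)
        if ports and keep_ports.intersection(ports):
            cut = frame[:snaplen]             # headers survive, bulk payload is dropped
            out.append(RECORD.pack(sec, usec, len(cut), orig) + cut)
            kept += 1
    return b"".join(out), kept, total

def build_frame(proto, sport, dport, payload_len):
    """Constructed test frame: zeroed MACs, 10.0.0.1 -> 10.0.0.2, zero payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64,
                     proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    l4 = struct.pack("!HH", sport, dport) + bytes(16)   # rest of the L4 header zeroed
    return bytes(12) + b"\x08\x00" + ip + l4 + bytes(payload_len)

def build_sample():  # constructed capture: one HTTPS, one HTTP, one UDP/53 packet
    specs = [(6, 50000, 443, 1000), (6, 50001, 80, 500), (17, 50002, 53, 100)]
    frames = [build_frame(*s) for s in specs]
    body = b"".join(RECORD.pack(i, 0, len(f), len(f)) + f for i, f in enumerate(frames))
    return GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + body

if __name__ == "__main__":
    small, kept, total = filter_pcap(build_sample(), {443})
    print(f"kept {kept}/{total} packets, {len(small)} bytes to ship")
```

The original length stays in each record header, so the analysis side can still see how large the truncated packets were on the wire.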
