Stephen Reese

Network Traffic Capture on Linux using OpenvSwitch

This post demonstrates how you can mirror interfaces on a Linux server in an environment where you may not have physical network taps or SPAN ports. We can use OpenvSwitch in order to forward traffic between nodes, even if we are not using virtualization. Each node being monitored needs two …

Using session-monitor to span ports as an aggregation tap

Like most, I do not have the funds to purchase a $1000 port aggregation tap for my IDS to monitor traffic, so instead I just used a 2950 Cisco Switch:

    !
    interface FastEthernet0/1
     switchport access vlan 100
     duplex full
    !
    interface FastEthernet0/2
     switchport access vlan 100
     duplex full
    !
    interface FastEthernet0 …