[AusNOG] (no subject)

Simeon Miteff simeon.miteff at gmail.com
Thu May 21 13:45:02 EST 2020


BTW, tcpdump does frames, you just need to pass -e to see the Ethernet
headers. The only thing you can't see with tcpdump is what the NIC hides
from the OS (preamble, FCS, inter-frame gap).

The Linux bridge is definitely a nice quick-and-dirty solution.

If you need something CIO-friendly, I recommend Arista's tap aggregation
mode. It turns off mac learning and you basically get a configurable frame
mux (see https://www.arista.com/en/solutions/tap-aggregation-with-danz).

Otherwise, check out the open source FAUCET SDN controller (
https://faucet.nz/). FAUCET ACLs have a mirror action, and it works or a
bunch of the better OpenFlow switch implementations out there (common ones
are Allied-Telesis, HPE and Cisco Cat9K). The little 8-port fanless HPE
2930F is quite cheap. Only downside is that you'll need something to run
the controller on, but many people are using raspberry pi's for that.


On Thu, 21 May 2020 at 15:24, Rob Thomas <xrobau at gmail.com> wrote:

> If you wanted to do this simply, just grab a linux machine with three
> network interfaces, and do this (assuming eth0 is 'real' and eth1 and
> eth2 are where you want to insert the tap)
>
> brctl addbr sniff
> brctl addif sniff eth1
> brctl addif sniff eth2
> brctl stp sniff off
>
> You can then do a tcpdump on the 'sniff' interface and you'll see
> everything at a packet layer (not a frame layer). If you really REALLY
> want frames, it's harder, but mostly doable. It looks like that USB
> thing is only at the packet layer anyway, so you should be fine.
>
> --Rob
>
>
> On Thu, 21 May 2020 at 12:09, Richard Biggs
> <Richard.Biggs at health.qld.gov.au> wrote:
> >
> > Hi All,
> >
> >
> >
> > Looking for a standalone network tap, I can’t seem to find anything
> local in Aus.
> >
> >
> >
> > Only needing something real basic like
> https://www.dualcomm.com/products/usb-powered-10-100-1000base-t-network-tap
> does anyone know who would be holding some stock?
> >
> >
> >
> > Cheers,
> >
> >
> >
> > RB
> >
> >
> >
> >
> >
> >
> **********************************************************************************
> >
> > Disclaimer: This email and any attachments may contain legally
> privileged or confidential information and may be protected by copyright.
> You must not use or disclose them other than for the purposes for which
> they were supplied. The privilege or confidentiality attached to this
> message and attachments is not waived by reason of mistaken delivery to
> you. If you are not the intended recipient, you must not use, disclose,
> retain, forward or reproduce this message or any attachments. If you
> receive this message in error, please notify the sender by return email or
> telephone and destroy and delete all copies. Unless stated otherwise, this
> email represents only the views of the sender and not the views of the
> Queensland Government.
> >
> > Queensland Health carries out monitoring, scanning and blocking of
> emails and attachments sent from or to addresses within Queensland Health
> for the purposes of operating, protecting, maintaining and ensuring
> appropriate use of its computer network.
> >
> >
> **********************************************************************************
> >
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>


-- 

Regards,
Simeon.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20200521/ffdefac1/attachment.html>


More information about the AusNOG mailing list