Re: Redirect mirrored traffic to userspace app. [RESOLVED]


 



On 10/21/10 12:56, Mateus Caruccio wrote:
> As I said, I do not have access/permission to run anything in our production servers (our admins are a "little" paranoid :) Also, since port mirror is mirroring only those specific proto:port packets, I don't think that would cause any performance penalty.

(I've not used SPAN / port mirroring in a long time.) Does the SPAN truly mirror select protocols (UDP) to a given port (2077)? Or does SPAN mirror all traffic to the switch port?

*chuckle*

I've been on both sides of the paranoia. Usually it's warranted for security / stability. (Usually)

> Anyway, this is not as beautiful as it could be, but works for our needs. Again, thanks for support. I will keep looking for a more straight/clean solution.

Honestly, I don't think this solution is that unclean, at least from a host point of view. The only dirty part of this I see is the fact that you have an IP / MAC duplication on the network. However, said duplication is isolated by a SPAN configuration in a switch. So, it's not really bad, just something to be mindful of.

I don't know how temporary your dev server is, but I've had 5+ year old temp installs break when the prod server was replaced, thus changing the MAC address. Just something else to be mindful of.

> I'm not a protocol/kernel specialist, so this is a good challenge.

Challenges can be fun and frustrating.



Grant. . . .