On Thu, Oct 21, 2010 at 4:11 PM, Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> wrote:
> On 10/21/10 12:56, Mateus Caruccio wrote:
>>
>> As I said, I do not have access/permission to run anything in our
>> production servers (our admins are a "little" paranoid :) Also, since port
>> mirror is mirroring only those specific proto:port packets, I don't think
>> that would cause any performance penalty.
>
> (I've not used SPAN / port mirroring in a long time.) Does the SPAN truly
> mirror select protocols (UDP) to a given port (2077)? Or does SPAN mirror
> all traffic to the switch port?

Yes, it does mirror based on proto/port. In fact it's mirroring only inbound traffic! Amazing, huh?
I do not know what equipment it is, but seems to be very robust.

>
> *chuckle*
>
> I've been on both sides of the paranoia. Usually it's warranted for
> security / stability. (Usually)
>
>> Anyway, this is not beautiful as it could, but works for our needs. Again,
>> thanks for support. I will keep looking for a more straight/clean solution.
>
> Honestly, I don't think this solution is that unclean, at least from a host
> point of view. The only dirty part of this I see is the fact that you have
> an IP / MAC duplication on the network. However, said duplication is
> isolated by a SPAN configuration in a switch. So, it's not really bad, just
> something to be mindful of.
>
> I don't know how temporary your dev server is, but I've had 5+ year old temp
> installs break when the prod server was replaced, thus changing the MAC
> address. Just something else to be mindful of.

That's not a problem now. Our tests will last for 3-6 days only.

Mateus.

>
>> I'm not a protocol/kernel specialist, so this is a good challenge.
>
> Challenges can be fun and frustrating.
>
>
>
> Grant. . . .

--
# ################ VOTE NULO ################
# Mateus de Oliveira Caruccio <mateus at caruccio dot com>
# Old programmers never die. They just branch to another namespace