Two Questions for Readers

I have two questions for readers:

1. What is the cheapest switch you've found that offers a SPAN port?

2. Is anyone interested in writing a chapter providing an overview of peer-to-peer protocols? I have been unable to contact the subject matter expert I hoped to contribute this section to my new book. I am looking for someone with experience detecting, interpreting, and controlling peer-to-peer protocols on internal networks. I am interested in providing the reader the following:

- Overview of general p2p principles and networks
- Discussion of popular p2p implementations
-- Networks and clients
-- General analysis of packet traces via Ethereal or Tethereal or Tcpdump captures (save captures for inclusion in book, if possible)
- Ways to detect p2p activity
- Ways to control (but not eliminate) p2p on internal networks; in other words, allow BitTorrent for downloading .iso's, but don't let it consume too much bandwidth
- Other topics you find relevant and interesting

I recommend responding via comment for the first question, and emailing taosecurity at gmail dot com for the second. I've just sent an email to the guys at Slyck.com to see if they'd like to help.

Update: I found this listing of switches reportedly offering mirror ports at Colasoft.

Comments

Anonymous said…
I picked up a cisco 2912XL for $100 bucks recently at a fire sale. It will do SPAN on any port with the latest IOS.
Anonymous said…
Do you need Cisco's SPAN or will port mirroring do? An Allied Telesyn AT FS7016 does the latter and sells for $125 new.
So this AT-FS7016 is the leading candidate. Thanks for the pointer!
John Collins said…
Check out this site for SPAN ports on the Catalyst 1900.

I'm not sure which version of IOS is needed for this operation because I didn't read the details. I guess if your just firing up a Niksun, RNA, or similar type box on the SPAN it doesn't matter who the vendor is.

Richard, I'm looking forward to your presentation at the ISSA-NOVA meeting on Thursday.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics