tag:blogger.com,1999:blog-4088979.post2399068931883113549..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: DualComm Port Mirroring SwitchRichard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-4088979.post-40048829033988223242010-10-04T00:47:06.627-04:002010-10-04T00:47:06.627-04:00I can see the USB powered bit being useful, if you...I can see the USB powered bit being useful, if you are red team you can hide it inside a tower plugged into either internal or external USB. If you are using for analysis at different points on the network there will usually be a server or workstation nearby that you can get the power off, not having to worry about using up another power point.Morgan Storeyhttps://www.blogger.com/profile/10406049887224934659noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-9344054585955282742010-09-10T15:51:00.082-04:002010-09-10T15:51:00.082-04:00Amer makes a switch that does multiple port mirror...Amer makes a switch that does multiple port mirrors and has combo ports.<br /><br />We use this to do 4 port mirrors on a single device.<br /><br />http://www.amer.com/_e/Managed/product/SS2GD8i/Amer_com_Managed_6_Port_1000Mbps_plus_2_combo_Copper_SFP_port_switch_SS2GD8i_.htmTomnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-47571696359017642352010-09-10T15:21:22.808-04:002010-09-10T15:21:22.808-04:00Thanks for everyone who pointed out the incorrect ...Thanks for everyone who pointed out the incorrect URL!Richard Bejtlichhttps://www.blogger.com/profile/13512184196416665417noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-27571646667808642192010-09-10T13:25:39.880-04:002010-09-10T13:25:39.880-04:00Richard, the correct URL for DualComm is: http://w...Richard, the correct URL for DualComm is: http://www.dual-comm.com/ whereas the URL provided at the end of the article is a domain parking lot.Andrew from Vancouverhttps://www.blogger.com/profile/09507389624433409868noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-61906623430694925592010-09-10T09:34:52.253-04:002010-09-10T09:34:52.253-04:00For monitoring my various home networks I use a Ne...For monitoring my various home networks I use a Netgear GS108T (you can grab a version 1 of the device at various online stores for $89).<br /><br />I configure ports 1 & 2 to VLAN2, ports 3 & 4 to VLAN3, port 5 is a mirror for ports 1 and 3, (bi-directional) and the remaining ports are left on the default VLAN and act as a normal switch.<br /><br />I then loop the networks I wish to monitor through ports 1+2 and 3+4. Then on my monitoring device (connected to port 5) I create virtual interfaces and route traffic to them from the physical interface based on the VLAN tag in the Ethernet frame.<br /><br />This allows me to easily run multiple instances of SGUIL on a single server, e.g. one watching internal traffic, the other watching honeypot traffic.Dave Crawfordhttp://www.pingtrip.comnoreply@blogger.com