Saturday, April 21, 2018

How to capture all east-west traffic?

As the title suggests, literally all. One example: if I ping Bob’s computer, which is on the same VLAN as me, those packets won’t leave our access switch at all. How does one go about making sure *all* traffic can be pulled into each of our tools and analyzers?

I don’t think any switch really supports SPAN of literally every port on the switch. There will always be limitations. Like if I SPAN a Layer 2 VLAN, I only capture ingress traffic, etc.

Is it an impossible task? I was thinking one way might be to “PVLAN everything”: every access port network-wide is an Isolated Port, to force all their traffic up through the uplink where in-line network taps can nab it.

Thoughts?


