Monday, August 12, 2013

Port Span: Packet duplication

I have stumbled across this issue multiple times lately, especially when trying to span multiple source ports, and there are a couple of solutions worth looking at:

http://blogs.cisco.com/security/span-packet-duplication-problem-and-solution/

http://myoss.belgoline.com/despan

I think the packet duplication issue should be eliminated using a hardware-based (built-in) solution, where the switch itself is able to eliminate it. While it may add workload to the network switch, it makes real-time monitoring more accurate and possible, especially since tools such as Snort/Bro are not going to identify duplicate packets.
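
Until the switch does it, duplicates can be filtered in software before the capture reaches the sensor. The sketch below is an added example, not code from this post or from either linked tool. It assumes a classic little-endian pcap, that mirror copies are byte-identical frames, and an arbitrary 5 ms window; the function names and the sample capture are constructed for illustration.

```python
import hashlib
import struct
from collections import OrderedDict

PCAP_GLOBAL = struct.Struct("<IHHiIII")  # classic pcap file header (24 bytes)
PCAP_RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len

def read_pcap(data):
    """Yield (timestamp, frame) from a little-endian, microsecond classic pcap."""
    if len(data) < PCAP_GLOBAL.size or PCAP_GLOBAL.unpack_from(data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap")
    off = PCAP_GLOBAL.size
    while off + PCAP_RECORD.size <= len(data):
        sec, usec, incl, _orig = PCAP_RECORD.unpack_from(data, off)
        off += PCAP_RECORD.size
        if off + incl > len(data):
            break  # truncated final record
        yield sec + usec / 1e6, data[off:off + incl]
        off += incl

def dedup(packets, window=0.005):
    """Drop frames byte-identical to one first seen within `window` s (sorted input)."""
    seen = OrderedDict()  # frame digest -> first-seen timestamp, oldest first
    kept, dropped = [], 0
    for ts, frame in packets:
        while seen and next(iter(seen.values())) < ts - window:
            seen.popitem(last=False)  # expire digests older than the window
        digest = hashlib.blake2b(frame, digest_size=16).digest()
        if digest in seen:
            dropped += 1
        else:
            seen[digest] = ts
            kept.append((ts, frame))
    return kept, dropped

def build_sample_pcap():
    """Constructed capture: A, A (mirror copy), B, B (mirror copy), A resent at 1 s."""
    frame_a = bytes.fromhex("0200000000020200000000010800") + b"A" * 46
    frame_b = bytes.fromhex("0200000000010200000000020800") + b"B" * 46
    records = [(0, 100, frame_a), (0, 150, frame_a), (0, 400, frame_b),
               (0, 420, frame_b), (1, 100, frame_a)]
    out = PCAP_GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for sec, usec, frame in records:
        out += PCAP_RECORD.pack(sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    kept, dropped = dedup(read_pcap(build_sample_pcap()))
    print(f"kept={len(kept)} dropped={dropped}")
```

The short window matters: a genuine retransmission of the same frame a second later is kept, so the sensor still sees it. Copies mirrored on either side of a routed hop are not byte-identical and pass through this filter unchanged.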