I have stumbled across this issue multiple times lately, especially if you are trying to span multiple source ports, and there are couple of solutions worth to look at -
http://blogs.cisco.com/security/span-packet-duplication-problem-and-solution/
http://myoss.belgoline.com/despan
I think the packet duplication issue should be eliminated using hardware based solution(built-in), where the switch itself able to eliminate it, while it may add the workload to the network switch, it makes real time monitoring more accurate and possible especially tools such snort/bro are not going to identify duplicate packets.
Subscribe to:
Post Comments (Atom)
1 comment:
CS please contact me ASAP soft@selectprecision.com I need to speak with you about an opportunity in Singapore, I would like to send through the brief to you, and if you can send me through your resume and also advise of your current circumstance in IT Security
Many Thanks
S
Post a Comment