Yeah, the device I've got in my head is a 1U server with 4 (or more?) interfaces... not so much to simultaneously pull 400Mbps of bandwidth for analysis but rather to just have a interface going to each switch I might want to monitor and then span traffic to the Ethereal box. Given that I'm trying to attain remote visibility, it might be nice not to need remote hands to be swapping patch cords back and forth. I'm imagining that even with a relatively speedy box, if you were trying to do analysis from multiple interfaces you'd at least choke the disk I/O. There's always stringent filters, I guess. thanks for the input, -carl "E.B. Dreger" <eddy+public+spam@noc.ever To: CARL.P.HIRSCH@sargentlundy.com quick.net> cc: nanog@merit.edu Sent by: Subject: Re: Let's talk about Distance Sniffing/Remote owner-nanog@merit.edu Visibility 03/28/02 09:02 AM "C" is close. Not sure what you mean by "a ton of interfaces". Most (all?) good managed switches have a "monitor port" or "mirror port" where they can blind copy traffic from other ports to the one that's set aside for snooping. Four-port ethernet cards are readily available. How many switches do you wish to monitor simultaneously? Even with only four ports (more in one box is certainly possible), you can have a fair amount of traffic to digest. -- Eddy Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence -- Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <blacklist@brics.com> To: blacklist@brics.com Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist@brics.com>, or you are likely to be blocked.