I'd have to say this depends on the media involved. ethernet switches allow the monitoring of specific ports (or entire vlans) in most cases. This can be done without impact (assuming nobody goofs on the ethernet switch config) to other people and limit the scope of packets inspected. Various vendors have their own monitoring solutions and port replication features. I seem to recall one customer of my employer saying how much they enjoyed the ability to tcpdump/inspect traffic on their Juniper routers. (with regards to a DoS attack we were working on tracking). - Jared On Sat, Jan 17, 2004 at 09:08:22PM -0500, Sean Donelan wrote:
Assuming lawful purposes, what is the best way to tap a network undetectable to the surveillance subject, not missing any relevant data, and not exposing the installer to undue risk?
-- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.