TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
On a switched network, obviously RS or any sniffer cannot see all of the
traffic, just that on the segment that it sits on. However, some switches
have what is called a "spanning" port (there may be other names for the same
thing). Basically this allows the switch admin to have network traffic on
segments A, B, & F (arbitrarily chosen letters, BTW) duplicated to this
"spanning" port. One could then hook up RealSecure to the spanning port and
see the traffic from those segments that are configured to mirror through
there.
There are caveats, however:
Network traffic is additive. IOW, if those 3 segments are 10-Base-T and
running at full capacity (about 6-7 Mb/sec before you reach a margin of
diminishing returns on network traffic collisions) and are routed through
the spanning port, that's about 18-21 Mb/sec of traffic. Now, on 10-Base-T
you would generally need a 100-Base-T spanning port to keep up, otherwise so
many packets will get dropped that the purpose of a spanning port is
defeated. On lower traffic networks, like say 1-2 Mb/sec on each of the
three segments, you could route those through a 10-Base-T spanning port as
the traffic will only amount to 3-6 Mb/sec (incidentally, this is about as
high as you wanna go. Once you reach that point where there are too many
collisions, about 6+ Mb/sec, you need to up that spanning port to a
100-Base-T port), and you should be fine.
Also be aware that if you are running a 100-Base-T switch and have a Gigabit
Ethernet spanning port, the same rules as above apply. 3 segments running
at 10-20 Mb/sec amount to a total of 30-60 Mb/sec. Much more than this and
RealSecure itself will not be able to keep up, much less the network itself.
In situations such as those outlined above it is helpful to actually set up
several ports as spanning ports. If you have 9 network segments, span them
at 3 segments per spanning port. Then you only need 3 RS engines to monitor
all of the traffic. Also be aware that some switches will allow *ANY* port
to be configured as a spanning port, and some will have only *1* single port
that has this capability (sometimes called a "monitoring port"). Be sure to
check with your switch vendor before buying, or read the switch's
documentation if you are not sure what your switch is capable of.
I hope that this answers most of your questions about implementing
RealSecure on a switched network!!!
Alex F
Q/A - RealSecure
-----Original Message-----
From: Takács István [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 30, 1999 2:33 PM
To: '[EMAIL PROTECTED]'
Subject: Switched network
Hi,
First of all, thanks for the answers to my
'Database updates' question.
Next year we want to change to a switched internal network.
How will RealSecure work in this kind of environment?
How can it monitor the whole network traffic?
Thanks in advance!
Regards,
Istvan Takacs
Network Manager
Hungarian Gaming Co.
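
The span-port sizing described in the reply above, worked as an added example (not part of the original thread and not ISS code): it groups segments onto span ports so that no mirror port or sensor is oversubscribed. The 6 Mb/sec and 60 Mb/sec ceilings come from the reply; the 100-Base-T usable figure, the three-segments-per-port default, the function names and the sample loads are assumptions made for the illustration.

```python
# Usable Mb/sec per span-port type before drops defeat the mirror.
# 10-Base-T: the reply's "about 6" figure. 100-Base-T: ASSUMED, same 60% ratio.
USABLE_MBPS = {"10-Base-T": 6.0, "100-Base-T": 60.0}
# Sensor ceiling: the reply's upper figure for what one engine keeps up with.
SENSOR_CEILING_MBPS = 60.0


def smallest_port(load_mbps):
    """Return the slowest port type that carries load_mbps, or None."""
    for name, usable in sorted(USABLE_MBPS.items(), key=lambda kv: kv[1]):
        if load_mbps <= usable:
            return name
    return None


def plan_span_ports(peak_mbps, max_segments=3):
    """Group segments onto span ports with first-fit decreasing.

    peak_mbps: {segment name: peak load in Mb/sec}.
    Returns a list of dicts: segments, total load, and port type needed.
    Raises ValueError if one segment alone exceeds the sensor ceiling.
    """
    groups = []
    # Place the busiest segments first so they are not stranded at the end.
    for seg, load in sorted(peak_mbps.items(), key=lambda kv: (-kv[1], kv[0])):
        if load > SENSOR_CEILING_MBPS:
            raise ValueError(f"{seg}: {load} Mb/sec exceeds one sensor's ceiling")
        for g in groups:
            fits = g["total"] + load <= SENSOR_CEILING_MBPS
            if len(g["segments"]) < max_segments and fits:
                g["segments"].append(seg)
                g["total"] += load  # mirrored traffic is additive
                break
        else:
            groups.append({"segments": [seg], "total": load})
    for g in groups:
        g["port"] = smallest_port(g["total"])
    return groups


# Constructed sample: nine segments with peak loads in Mb/sec.
SAMPLE = {"A": 18, "B": 15, "C": 20, "D": 2, "E": 1, "F": 1.5,
          "G": 12, "H": 7, "I": 6.5}

if __name__ == "__main__":
    for i, g in enumerate(plan_span_ports(SAMPLE), 1):
        print(f"span {i}: {g['segments']} total={g['total']} Mb/sec -> {g['port']}")
```

Feed it measured peak loads rather than link speeds; each returned group corresponds to one span port and one sensor.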