edward mzj wrote:
> span means Switch Port ANalyzer, a packet monitoring feature available
> in most manageable switches, cisco's catalysts for example. when a
> switch port is designated as a span port, all incoming or outgoing
> traffic of one or all other switch ports are duplicated and sent out
> the span port. this makes it possible for packet sniffering and
> intrustion detection in a switched enviroment.
> unlike a real span port, which can monitor all layer 2 packets, no
> mater what the upper layer protocols are, ipfilter, the core
> firewalling component in m0n0, runs in layer 3 and above, and can only
> recognize ip traffic. so it's not possible to monitor ipx, appletalk
> and other traffic. however, ipfilter is more intelligent than a
> switch. it can send only those packets you interested, say http
> sessions, to your sniffer or ids. this is very useful if your sniffer
> or ids runs on a not so powerful platform and can save you a lot of
> time when you analyzing those packets or logs
Nice, and what options will be available for m0n0?
> 2005/8/27, Robo.K. <mono at inmail dot sk>:
>>Hi Ed, sorry but, What is SPAN? Can you send description picture?