edward mzj wrote:
> span means Switch Port ANalyzer, a packet monitoring feature available
> in most manageable switches, cisco's catalysts for example. when a
> switch port is designated as a span port, all incoming or outgoing
> traffic of one or all other switch ports is duplicated and sent out
> the span port. this makes it possible to do packet sniffing and
> intrusion detection in a switched environment.
>
> unlike a real span port, which can monitor all layer 2 packets, no
> matter what the upper layer protocols are, ipfilter, the core
> firewalling component in m0n0, runs in layer 3 and above, and can only
> recognize ip traffic. so it's not possible to monitor ipx, appletalk
> and other traffic. however, ipfilter is more intelligent than a
> switch. it can send only those packets you are interested in, say http
> sessions, to your sniffer or ids. this is very useful if your sniffer
> or ids runs on a not so powerful platform and can save you a lot of
> time when you are analyzing those packets or logs

Nice, and what options will be available for m0n0?

>
> 2005/8/27, Robo.K. <mono at inmail dot sk>:
>
>>Hi Ed, sorry but, What is SPAN? Can you send description picture?
>>Thanx.
>>Bob.