
Re: many to many dup-to option?



> >Maybe you can use a multicast address as destination.
> 
> Unfortunately dup-to requires you to specify a physical network
> interface for where to send the traffic to.  You can specify an
> address associated with that network interface, but I'm not really
> sure what benefit this has because your ids/analyzer/etc still has to
> be attached to that rj45 port.

IIRC, specifying an address associated with that network interface
will not re-write the destination IP in the IP packet, but instead
just uses ARP to specify the destination MAC at the ether layer?
Perhaps you could specify the outbound interface with the broadcast
address, resulting in the packet being sent with a broadcast MAC, such
that a switch will reliably flood the packet out to all active ports?

> I'm at that point where my network feeds are so intensive that a hub
> is no longer sufficient,

Can you explain further why a hub is no longer sufficient?  If you can
ensure that the only device transmitting to the hub is the host
sending out the dup-to traffic (perhaps by physically disabling
transmit lines on the "listen only" ports), then a hub should be able
to flood out packets from a single talker to multiple listeners at
wire speed.

Kevin