Working With Port Security When Capturing Packets

Working with Port Security When you get involved with packet analysis you will eventually encounter the most common issue; “How will you capture packets?” For example will you use SPAN, TAP or capture right from the server/client? Each option has its pros and cons. Even though this is a very important question to consider an equally important consideration is what limitations you might have to work with. Things such as what types of Taps, media (copper, Fibre, wireless) and network equipment configuration. Common equipment configuration changes such as SPAN could cause an issue if the switch is already working hard of if an entire VLAN is SPAN’ed to a port causing bandwidth over subscription. Then there is the challenge when working with clients where configuration changes are subject to change management protocol. Unfortunately in many cases I am onsite for a limited time and need to maximize time. The same argument holds true for the full time staff since waiting for change management process delays the troubleshooting process and deters the analyst from considering this option in the future. Another common switch configuration that I have encountered is port security. Even though every vendor has different specific port security options, I will provide a generic definition. Port security controls the input to an interface based on various criteria. The common option is to define a MAC address that is allowed to access a port.

read the full article for free on https://www.networkcomputing.com/author/tony-fortunato when its posted ... https://www.youtube.com/watch?v=f-EB6PQKQGM