Berkeley CSUA MOTD:Entry 27426
2003/2/15-17 [Computer/Networking] UID:27426 Activity:nil
2/14    I finally got around to setting up SPAN (makes your Cisco switch sort
        of act like a hub) so that I can monitor my traffic. Ethereal kind of
        shows which protocols are using most of my bandwidth, but doesn't
        print pretty graphs. Also, I'm mostly interested in finding out which
        hosts are using most of my traffic. Are there any Ethereal-like apps
        that do this well? Pretty graphs are a major plus.
        So far I've used TTT, which is kinda crappy.
        \_ leaving span enabled all the time isn't a great idea, esp if you
           are spanning the whole switch to one port, not just mirroring
           a port or a given vlan.
           \_ why isn't it a good idea?  intrusion detection systems depend
              on traffic monitor 100% of the time.  SPAN is a wirespeed
              feature on the catalyst family. Packet replication is done
              by HW so there's no performance degradation.  You can also do
              fancier stuff like use VLAN ACLs to replicate all traffic
              in/out of a VLAN and analyze that traffic. There's more
              commercial software that analyzes netflow tables though.  You
              can also set up the router/switch to export those netflow
              entries.  -cisco guy
              \_ not all switches behave the same when spanning.. relying on
                 spanning a whole switch to a single port is a ridiculous
                 idea w/ large switches that can easily handle more traffic
                 than any 1 port.. for example, a 6500.. the smart thing to
                 do with an IDS is to only span against the inbound/outbound
                 port rather than the whole switch. if you rather watch
                 the whole vlan then you splice down and mirror 1 vlan / port.
                 the easiest way to defeat an IDS is to overload its span
                 port or overload the IDS. there have also been many bugs
                 that are triggered by sustained spanning on shitty (low
                 end) catalyst switches. for a "cisco guy" i don't think you've
                 worked with spanning very much on the ios based switches.
        \_ yo yo yo... i just want to monitor traffic on my main ingress
           point, nothing too intensive. and i don't have money to buy any
           fancy nids crap... just want some free stuff to see who's running
           kazaa and so forth...
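
Added example (not part of the original thread): a per-host byte count over a classic pcap file saved from the SPAN destination port, which is the "which hosts use most of my traffic" view asked for above. The function names and the sample capture are constructed for illustration; it counts the on-wire length of each frame, so a short snaplen on the sniffer does not skew the totals.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def top_talkers(pcap, n=5):
    """Return the n busiest IPv4 hosts as (ip, bytes sent + received)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # file written little-endian
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # file written big-endian
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    totals, off = Counter(), 24        # records start after the 24-byte header
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        tag = 12                       # offset of the EtherType field
        while frame[tag:tag + 2] == b"\x81\x00":   # skip 802.1Q VLAN tags
            tag += 4
        if frame[tag:tag + 2] != b"\x08\x00" or len(frame) < tag + 22:
            continue                   # not IPv4, or IP header cut off
        ip = frame[tag + 2:]
        # Charge the wire length (orig_len), not the captured length.
        for addr in (ip[12:16], ip[16:20]):
            totals[str(IPv4Address(addr))] += orig_len
    return totals.most_common(n)

def _frame(src, dst, payload_len, vlan=None):
    """Constructed Ethernet/IPv4 frame (zeroed MACs and checksum)."""
    eth = bytes(12) + (b"\x81\x00" + struct.pack(">H", vlan) if vlan else b"") + b"\x08\x00"
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return eth + ip + bytes(payload_len)

def sample_pcap(snaplen=64):
    """Constructed capture: three frames, truncated to snaplen bytes each."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for f in (_frame("10.0.0.5", "192.0.2.9", 1400),
              _frame("192.0.2.9", "10.0.0.5", 40),
              _frame("10.0.0.7", "192.0.2.9", 200, vlan=10)):
        out += struct.pack("<IIII", 0, 0, min(len(f), snaplen), len(f)) + f[:snaplen]
    return out
```
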