Cisco Blogs



SPAN Packet Duplication: Problem and Solution

In the spirit of National Cyber Security Awareness Month (NCSAM), I offer up a recent tale of intrigue and mystery from an ongoing Cisco Security Research project…

Prologue

One of Cisco Security Research and Operation’s ongoing projects is to oversee a massive infrastructure of several high-volume Internet POPs that send large amounts of network traffic into one of our research labs. We are collecting NetFlow and packet dumps from a geographically distributed sensor network. These pcap files each contain several million packets, but due to a configuration error in the packet capture process, there was some amount of packet duplication. This short blog article will talk about why the duplication happened, how we prevented it from reoccurring, and a unique solution that was employed to remove the duplicate packets from all of the affected pcap files.
