Thursday, August 20, 2009
Misconfiguration Issue of NSA Span Port
One of the purposes of releasing this dataset is to help us improve our capture techniques so that the next dataset is that much more useful to anyone who uses it. Thanks to the input we have already received on the 2009 CDX dataset, we have identified an issue in the way the NSA switch was configured. Specifically, we believe the span port on which our capture node was placed was configured for unidirectional listening. This resulted in our capture node only "hearing" received traffic from the red cell. We don't believe this is the case with the capture files from the USMA network (we controlled that configuration). We will ensure this mistake is not made in upcoming captures and the 2010 CDX capture.
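A capture taken from a unidirectional span port can be recognized before analysis by counting packets in each direction per host pair. The following is an added example, not code from the CDX project: it assumes a classic little-endian pcap with untagged Ethernet II/IPv4 frames, and the addresses and sample captures are constructed for illustration.

```python
import struct
from collections import defaultdict

def read_pcap(data):
    """Yield raw frames from a classic little-endian pcap byte string."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]  # captured length
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def direction_report(data):
    """Map each unordered IPv4 host pair (a, b) to [packets a->b, packets b->a]."""
    pairs = defaultdict(lambda: [0, 0])
    for frame in read_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # keep only untagged Ethernet II frames carrying IPv4
        src, dst = frame[26:30], frame[30:34]
        a, b = sorted((src, dst))
        pairs[(a, b)][0 if src == a else 1] += 1
    return dict(pairs)

def one_way_ratio(data):
    """Fraction of host pairs seen in one direction only (near 1.0 suggests a one-way span)."""
    report = direction_report(data)
    one_way = sum(1 for fwd, rev in report.values() if fwd == 0 or rev == 0)
    return one_way / len(report) if report else 0.0

# Constructed sample data: minimal Ethernet + IPv4 headers, no payload.
def make_frame(src, dst):
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = bytes([0x45, 0]) + struct.pack(">H", 20) + b"\x00" * 4 + bytes([64, 6, 0, 0])
    return eth + ip + bytes(src) + bytes(dst)

def make_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

RED, BLUE = (10, 0, 0, 5), (10, 1, 0, 20)  # constructed addresses
ONE_WAY = make_pcap([make_frame(RED, BLUE), make_frame(RED, BLUE)])
BOTH_WAYS = make_pcap([make_frame(RED, BLUE), make_frame(BLUE, RED)])

if __name__ == "__main__":
    print("one-way capture:", one_way_ratio(ONE_WAY))
    print("two-way capture:", one_way_ratio(BOTH_WAYS))
```

Some one-way pairs are normal in any capture (broadcast, multicast, unanswered probes), so the ratio is a signal to inspect the span configuration rather than proof on its own.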