Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Shomiti Taps, Cisco Port Mirroring and IDS

From: John Adams <jna () retina net>
Date: Sat, 5 Jan 2002 01:58:18 -0500 (EST)

I don't understand why you would ever need one of these devices if you
have the two switches on a VLAN and you have a span port enabled.

On the other hand, if you think you need another hub, perhaps you could
use two crossover cables in and out of the tap?

-john

On Thu, 3 Jan 2002, Don Ng wrote:


 Hello all, just need some assistance on the issue of
Shomiti taps. I have spoken to the vendors but they
had to check ...

 I am looking at their Century taps that comes with 4
ports.
 Two ports are used to place the device inline with
the segment to be monitored.

Original
  Router-----Firewall
After
  Router----<P 1> Century TAP <Port 2>---Firewall
                  |         |
                 <P 3>    <P 4>
The vendors advised me that for the other 2 ports, I
was told that each port mirrored out one direction
flow. Eg. Router --->Firewall for Port 3 and
Firewall---> Router for Port 4.

 From the looks of things I would have to connect both

Port 3 and 4 to another Hub and plugging an network
IDS into that hub.

 Router----<P 1> Century TAP <Port 2>---Firewall
                  |         |
                 <P 3>    <P 4>
                    |      |
                     HUB
                      |----NID-200

Is this the optimal way to put an inline tap.
Cisco port mirroring seems to work fine mirroing
multiple ports to a single port connected to an IDS.

Glad for any help and comments.












=====
A Nobel Peace Prize for Jim Henson,
 He bought laughter to a lot of people.

 PS: I work in www.Quantiqint.com so
 comments regarding CyberGuard FW, NFR Security, Network-1,
 might be judged to be biased.

__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards



--
J. Adams                                        http://www.retina.net/~jna

I'm not offened by the things that you say, 'cause it's such a predictable
way to wreak havoc / Talk. I need something to agree with at first / You
were right / I was wrong / Now does that make you happy?  --Lush


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: