IDS mailing list archives
Re: port bonding and taps
From: Aaron Cheek <aaron_cheek () yahoo com>
Date: Thu, 2 Oct 2003 08:52:11 -0700 (PDT)
What we have done is to set a 10 Mb Ethernet hub up near the tap and run both tap ports into it. We then
plug whatever sniffers you want into the hub and you
will see both sides of the traffic.
Why use a tap at all if you are using a hub all the same? You can use a read-only cable to connect your IDS directly to the hub (as described in the snort FAQ) and get the same effect. Aaron __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com --------------------------------------------------------------------------- Captus Networks IPS 4000 Intrusion Prevention and Traffic Shaping Technology to: - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Precisely Define and Implement Network Security & Performance Policies FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101 ---------------------------------------------------------------------------
Current thread:
- Re: port bonding and taps, (continued)
- Re: port bonding and taps Jeffrey . Stebelton (Oct 02)
- Re: port bonding and taps Michael Stone (Oct 02)
- Re: port bonding and taps Sam f. Stover (Oct 02)
- Re: port bonding and taps Bamm Visscher (Oct 06)
- RE: port bonding and taps PPowenski (Oct 02)
- Re: port bonding and taps Sam f. Stover (Oct 02)
- Re: port bonding and taps Bennett Todd (Oct 06)
- Re: port bonding and taps Sam f. Stover (Oct 06)
- Re: port bonding and taps Bennett Todd (Oct 06)
- Re: port bonding and taps Sam f. Stover (Oct 06)
- Re: port bonding and taps Sam f. Stover (Oct 02)
- Re: port bonding and taps Jeffrey . Stebelton (Oct 02)