IDS mailing list archives

Re: port bonding and taps

From: Aaron Cheek <aaron_cheek () yahoo com>
Date: Thu, 2 Oct 2003 08:52:11 -0700 (PDT)

What we have done is to set a 10 Mb Ethernet hub up 
near the tap and run both tap ports into it. We then

plug whatever sniffers you want into the hub and you

will see both sides of the traffic.


Why use a tap at all if you are using a hub all the
same? You can use a read-only cable to connect your
IDS directly to the hub (as described in the snort
FAQ) and get the same effect.

Aaron

__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

---------------------------------------------------------------------------
Captus Networks IPS 4000
Intrusion Prevention and Traffic Shaping Technology to: 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Precisely Define and Implement Network Security & Performance Policies
FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo 
http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
---------------------------------------------------------------------------

Current thread:

Re: port bonding and taps, (continued)
- Re: port bonding and taps Jeffrey . Stebelton (Oct 02)
  - Re: port bonding and taps Michael Stone (Oct 02)
  - Re: port bonding and taps Sam f. Stover (Oct 02)
  - Re: port bonding and taps Bamm Visscher (Oct 06)
- RE: port bonding and taps PPowenski (Oct 02)
  - Re: port bonding and taps Sam f. Stover (Oct 02)
    - Re: port bonding and taps Bennett Todd (Oct 06)
    - Re: port bonding and taps Sam f. Stover (Oct 06)
    - Re: port bonding and taps Bennett Todd (Oct 06)
    - Re: port bonding and taps Sam f. Stover (Oct 06)
- Re: port bonding and taps Aaron Cheek (Oct 06)
- RE: port bonding and taps Bradberry, John (Oct 06)