Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: FAQ 10/100 Hubs Block Other Speed Traffic

From: "Murphy" <murphy () infomaniak ch>
Date: Thu, 9 Aug 2001 08:12:36 +0200
Excellent point, which raises a slightly off topic question.

Could we imagine making a special "tapping" CAT5 cable, that would, on one
end of the cable have an extra twisted pair comming out (connected on the Rx
on the normal wires) that would be used for tapping, by feeding those to the
snort Box ?
I realise, that if it worked, it would limit either incoming or outgoing
traffic to be monitored, but still it's a very, very cheap solution when you
can go for a switch that has port mirroring.

Murphy.


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of
stefmit () starband net
Sent: Thursday, August 09, 2001 00:40
To: snort-users () lists sourceforge net
Subject: [Snort-users] Re: FAQ 10/100 Hubs Block Other Speed Traffic


Great descriptions - just to throw in a "minor" thing: if you deal with
full duplex on a switched port, only a tap would save you - have
succesfully used Shomiti's ones on 100MB FD ports, and used two
Snort instances, capturing traffic on both directions. Port mirroring
didn't work in that case ...

Stef


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: