Snort mailing list archives
Re: Snort and network taps
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Wed, 24 Apr 2002 12:14:05 +1200
On Tue, Apr 23, 2002 at 04:59:42PM -0700, Jeff Nathan wrote:
Taps are designed to be used with analyzers. The transmit pair from each side of a connection is broken out into it's own port. These two tap ports then need to be recombined for snort.
Bizarre. I've snooped around via google - and the likes of some nice drawings on www.sans.org totally fail to mention that "minor" point.... With the growth in the IDS arena, I'd say there's a market for an "IDS tap" now - one where you are presented with one port containing both directions... I thought of it first!!! I get copyright!!! ;-) -- Cheers Jason Haar Information Security Manager Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort and network taps counter . spy (Apr 23)
- Re: Snort and network taps Chris Green (Apr 23)
- Re: Snort and network taps Jeff Nathan (Apr 23)
- Re: Snort and network taps Jason Haar (Apr 23)
- Re: Snort and network taps Jeff Nathan (Apr 23)
- Re: Snort and network taps Jason Haar (Apr 23)
- Re: Snort and network taps Jason Haar (Apr 23)
- <Possible follow-ups>
- RE: Snort and network taps Wirth, Jeff (Apr 23)
- RE: Snort and network taps Fuchs Bernhard (Apr 24)