Snort mailing list archives
Re: Understanding IDS & TAPS
From: twig les <twigles () yahoo com>
Date: Wed, 18 Dec 2002 09:54:11 -0800 (PST)
Your questions span (pun!) more than the IDS field. Pick up a good book on switches or at least something that explains the OSI model. As loath as I am to recommend reading theory, it really applies.

A short answer is that switches forward packets out of specific ports based on a table they keep. The table correlates MAC address<->port relationships. To sniff on a switch you need one of two things: a port that the switch sends ALL traffic to, regardless of the destination MAC, or a piece of software like Ettercap that does massive ARP poisoning. For multiple obvious reasons you prolly want to stick to the former.

--- "Carleton, Sam (SCI TW)" <Sam_Carleton_TW () stercomm com> wrote:
Folks,

I understand the IDS and TAPS, but not completely. The main thing is the physical hookup of the TAP to the IDS. I don't understand the "100Mb IDS Tapping Diagram (with only 100bt span port)" diagram. The switch being used, can it be any old switch or does it have to be something that is programmable? What I don't understand is how the traffic gets through the switch. How does the switch know where to send the packets which are coming in from the Port A and Port B?

Sam
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

=====
-----------------------------------------------------------
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself
-----------------------------------------------------------
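
The forwarding behaviour described in the reply above, as an added example that is not part of the original thread: a toy learning-switch model showing how many frames an IDS sensor receives on an ordinary port compared with a port the switch sends all traffic to. The class, port numbers, MAC addresses and frame list are constructed for illustration and do not model any particular switch.

```python
# Toy model of a learning Ethernet switch (constructed example, not switch firmware).
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports, mirror_port=None):
        self.ports = set(ports)
        self.mirror_port = mirror_port  # hypothetical span/mirror destination port
        self.mac_table = {}             # MAC address -> port it was last seen on

    def forward(self, in_port, src, dst):
        """Return the set of ports one frame is sent out of."""
        self.mac_table[src] = in_port   # learn which port the sender is on
        if dst != BROADCAST and dst in self.mac_table:
            out = {self.mac_table[dst]}            # known unicast: one port only
        else:
            out = self.ports - {self.mirror_port}  # broadcast or unknown: flood
        out.discard(in_port)            # never send a frame back out its ingress port
        if self.mirror_port is not None:
            out.add(self.mirror_port)   # the mirror port gets a copy of every frame
        return out


def frames_seen(switch, sensor_port, frames):
    """Count how many of the frames are delivered to sensor_port."""
    return sum(sensor_port in switch.forward(*f) for f in frames)


# Constructed traffic: (ingress port, source MAC, destination MAC)
A, B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
FRAMES = [
    (1, A, BROADCAST),  # broadcast from host A, flooded to every port
    (2, B, A),          # B answers; A's port was learned from the first frame
    (1, A, B),          # from here on both hosts are in the table
    (2, B, A),
    (1, A, B),
]


def demo():
    """Sensor on port 3: ordinary port versus mirror port."""
    plain = LearningSwitch(ports=[1, 2, 3])
    span = LearningSwitch(ports=[1, 2, 3], mirror_port=3)
    return frames_seen(plain, 3, FRAMES), frames_seen(span, 3, FRAMES)


if __name__ == "__main__":
    print("frames seen on ordinary port, mirror port:", demo())
```

On the ordinary port the sensor receives only the flooded broadcast; on the mirror port it receives every frame of the conversation, which is what an IDS needs.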
Current thread:
- Understanding IDS & TAPS Carleton, Sam (SCI TW) (Dec 18)
- Re: Understanding IDS & TAPS twig les (Dec 18)
- <Possible follow-ups>
- RE: Understanding IDS & TAPS Carleton, Sam (SCI TW) (Dec 18)
- RE: Understanding IDS & TAPS Nigel Clarke (Dec 19)
- RE: Understanding IDS & TAPS Carleton, Sam (SCI TW) (Dec 18)
- Re: Understanding IDS & TAPS Matt Kettler (Dec 18)