Snort mailing list archives
Re: Cisco Catalyst - SNORT
From: Gary Flynn <flynngn () jmu edu>
Date: Fri, 27 Jun 2003 22:54:14 -0400
Jeff Nathan wrote:
If the bus is synchronous, the clock could be used to gate the bits into registers and ASICs dedicated to the port. No impact on central processing. No interrupts.. The port hardware is told to accept all data on every clock pulse by a simple logic level on a gate. It may be more complicated than that if there is data on the bus other than the packet stream but you get the idea. The data on the bus may identify itself as packet data. There may be codes that delimit packet data. Lots of possibilities. All-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --On Friday, June 27, 2003 7:34 -0400 Gary Flynn <flynngn () jmu edu> wrote:I'm not saying the switch works this way but if the packets are on a bus and configuring a span port just means telling the port to grab anything on the bus, it would seem there would be no performance hit.Grabbing those frames and sending them out a different interface still requires I/O operations (interrupt request processing and the like). Hidden as it may be, there's always a price.
can be handled by hardware with a couple of logic level changes that doesn't require a processor.I don't know if it works that way but Cisco switch/routers process the beginnings of a flow in software and then claim to switch the rest of the flow in hardware. I can see where the processor could set up some registers and flip-flops and everything would cascade through discrete logic gates as long as the address/port/ID inputs match the preset
values. To do it promiscuously would seem to be trivial in comparison.Sort of goes back to the old computers that were set up by an operator with patch cords and then let everything fly through it for a fixed set of operations. Once set up,
the data itself drove everything through as it was presented. All hypothetical.
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Cisco Catalyst - SNORT, (continued)
- RE: Cisco Catalyst - SNORT shannong (Jun 24)
- RE: Cisco Catalyst - SNORT Jeff Nathan (Jun 26)
- snort + 802.11 management frames ... Jon Baer (Jun 26)
- Re: Cisco Catalyst - SNORT Gary Flynn (Jun 27)
- Re: Cisco Catalyst - SNORT Rich Adamson (Jun 27)
- Re[2]: Cisco Catalyst - SNORT Lukasz Bromirski (Jun 27)
- Re: Cisco Catalyst - SNORT Jeff Nathan (Jun 27)
- Foundry performance? (was "Re: Cisco Catalyst - SNORT") twig les (Jun 27)
- Re: Foundry performance? (was "Re: Cisco Catalyst - SNORT") Roy S. Rapoport (Jun 28)
- OT: Re: Foundry performance? Chris Green (Jun 30)
- Re: Cisco Catalyst - SNORT Gary Flynn (Jun 27)
- Re: Cisco Catalyst - SNORT Jeff Nathan (Jun 27)
- RE: Cisco Catalyst - SNORT Mike Feetham (Jun 27)