Snort mailing list archives
RE: sniffing cables and network taps
From: Richard Bejtlich <richard_bejtlich () yahoo com>
Date: Fri, 11 Jul 2003 08:11:20 -0700 (PDT)
Scott, Just yesterday I posted some material on network taps at my blog. Check the last entry for 10 Jul 03: http://taosecurity.blogspot.com On my home lab I use Finisar's UTP Tap IL/1 Ethernet tap, as pictured on my blog. It cost about $400. I send the output streams to a Shuttle SB52G (http://us.shuttle.com/specs2.asp?pro_id=264) monitoring station I built with an Adaptec ANA-62044 quad-port PCI NIC, where I use FreeBSD's netgraph(4) functionality to mirror traffic to another interface. I documented the syntax in a 16 Jun 03 post to snort-users (http://marc.theaimsgroup.com/?l=snort-users&m=105585533810122&w=2). I need to change this to use a virtual interface (not a real interface without a cable) so I can free up the real interface. Sincerely, Richard Bejtlich richard at taosecurity dot com http://taosecurity.com __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com ------------------------------------------------------- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- sniffing cables and network taps Scott Renna (Jul 11)
- <Possible follow-ups>
- RE: sniffing cables and network taps PPowenski (Jul 11)
- RE: sniffing cables and network taps Richard Bejtlich (Jul 14)