Snort mailing list archives
Re: Ethernet Tap
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 15 Apr 2004 14:18:21 -0400
At 11:13 AM 4/15/2004, Altrock, Jens wrote:
I am searching for a possibility of constructing an ethernet tap, but not like the one found on the snort website where I need to attach two network cards to inspect the whole traffic, but one using one port for a full duplex line. Is that possible and does anyone have some links concerning this topic? Would be nice.
In short, you can't do such a bi-directional tap into a single ethernet port in a simple way. Such a tap cannot be done in a passive manner and must be a buffered system with memory, and have a lot of electronics. It would be much cheaper to spend the money on a manageable switch with span port capability.
Think about it. You want to feed 100mbit/sec outbound AND 100mbit/sec inbound into a single 100mbit/sec ethernet port. Sorry, you can't do that just by soldering a few wires together.
The simple cheap passive tap is simple and cheap because it relies on the fact that you can feed a single 100mbit/sec stream into a 100mbit/sec port pretty easily. So you just dump the inbound into one port, the outbound into another. Poof, instant passive tap, but it requires 2 ethernet cards.