Snort mailing list archives

Re: Ethernet Tap


From: TKaroutsos () bcsc bc ca
Date: Fri, 13 Aug 2004 12:43:06 -0700






What about this?

http://www.netoptics.com/products/product_family_details.asp?cid=1&pid=3&Section=products&menuitem=1

It costs about $1000 US.




Matt Kettler <mkettler () evi-inc com>
Sent by: snort-users-admin () lists sourceforge.net
08/13/2004 12:15

To: "STEVE MAKOUSKY" <SMAKOUS1 () FAIRVIEW ORG>, <snort-users () lists sourceforge net>
cc:
Subject: Re: [Snort-users] Ethernet Tap




At 02:31 PM 8/13/2004, STEVE MAKOUSKY wrote:
> Has anyone had any luck using the tap that is described in the Doc area?

I've not used that particular tap, but looking at it the tap should work
correctly.



> Are there any instructions out there for building a full duplex tap?

A full-duplex single-port tap, by its very nature, is going to have to
contain a considerable amount of electronics, and cannot be a passive
device. You can't funnel two 100mbit streams into a single 100mbit port
without some packet buffering, re-ordering, etc, so it's going to have to
have onboard memory, etc.

I'd suggest buying a managed switch with a span port, it's much easier and
cheaper than trying this route, or try the interface bonding trick
mentioned below.



> If not, is it easy enough to start snort on two nics and log to the same
> database and
> handle packet reconstruction that way?

Actually, rather than try to sniff two interfaces, most people create a
bonded interface that combines the two, and run snort on that. Recent
versions of Linux and *BSD support interface bonding in the kernel.

ie:
http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/ref-guide/s1-networkscripts-interfaces.html#S2-NETWORKSCRIPTS-INTERFACES-CHAN




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
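
The interface-bonding approach Matt describes, sketched as an added example that is not part of the original thread. It uses current iproute2 commands; the names `bond0`, `eth1`, `eth2` and the `snort.conf` path are assumptions. The function only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names:
#   bond0     = the merged sniffing interface Snort listens on
#   eth1/eth2 = NICs cabled to the tap's two monitor outputs,
#               one per traffic direction
#   /etc/snort/snort.conf = assumed Snort config path

# Print the commands that merge two tap legs into one interface.
# Nothing is executed here; review the output, then pipe it to "sh" as root.
tap_bond_plan() {
    if [ $# -ne 3 ]; then
        echo "usage: tap_bond_plan BOND NIC_A NIC_B" >&2
        return 2
    fi
    bond=$1 nic_a=$2 nic_b=$3
    if [ "$nic_a" = "$nic_b" ]; then
        echo "error: each traffic direction needs its own NIC" >&2
        return 2
    fi
    # balance-rr (mode 0) is the bonding driver's default mode.
    echo "ip link add $bond type bond mode balance-rr"
    for nic in "$nic_a" "$nic_b"; do
        echo "ip link set $nic down"          # a NIC must be down to be enslaved
        echo "ip link set $nic master $bond"
        echo "ip link set $nic promisc on"
    done
    # The bond gets no IP address: the sensor interface only listens.
    echo "ip link set $bond promisc on"
    echo "ip link set $bond up"
    # One Snort process sees both directions of each conversation.
    echo "snort -i $bond -c /etc/snort/snort.conf"
}

# Show the plan for the assumed interface names.
tap_bond_plan bond0 eth1 eth2
```

Because both directions arrive on one interface, Snort's stream reassembly works without correlating two separate sensors in the database.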






