Snort mailing list archives

RE: Re: Taps


From: <CGhercoias () TWEC COM>
Date: Wed, 25 Aug 2004 16:12:04 -0400

http://www.netoptics.com/products/product_family.asp?Section=products&cid=1&menuitem=1

A lot to choose from, we are using
http://www.netoptics.com/products/product_family_details.asp?cid=1&pid=4&Section=products&menuitem=1
this one for two years already without any
issues. Cost us 600$ back then, maybe they are cheaper now.
_________________ 
LordHex, 

The Lord Of The (Token)Ring:
    (the fellowship of the packet)

"One Ring to link them all, One Ring to ping them,
one Ring to bring them all and in the darkness sniff them."




-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Richard
Bejtlich
Sent: Wednesday, August 25, 2004 1:07 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Re: Taps

Paul Halliday wrote:

I have looked at purchasing a real tap from Securicore Inc that
combines both streams into one on its own but they want 1300 CAD for
one of these which is not really in our budget atm.

What, if any, are my other options?

--

Hi Paul,

I don't recommend using the homebrew "taps."  If you want a real tap,
but can't afford the single-output version, consider a traditional
two-output tap like the Net Optics 10/100 Ethernet product. [0] It's
less than half the price of the single-output taps.

By the way, if you do want to buy a single-output tap, make sure it's
built with buffers to handle any bursts above the 100 Mbps aggregate
limit. [1]

You can use a channel-bonding solution to make the two TX outputs look
like a single virtual interface on the sensor.  I documented one
approach for FreeBSD. [2]

My book on network security monitoring has an entire chapter on the
subject of gaining access to traffic, comparing hubs, taps, SPAN
ports, and inline devices. [3]

Sincerely,

Richard
http://www.taosecurity.com

[0] http://www.netoptics.com/products/product_family_details.asp?cid=1&pid=4&Section=products&menuitem=1
[1] http://taosecurity.blogspot.com/2004_01_01_taosecurity_archive.html#107343843939477952
[2] http://www.mcabee.org/lists/snort-users/Dec-03/msg00454.html
[3] http://www.taosecurity.com/books.html


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



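Added example, not part of the original messages: a small queue model of the 100 Mbps aggregate limit mentioned above for single-output taps, showing how buffer size decides whether a burst reaches the sensor. The names simulate_tap and TRACE and all traffic and buffer figures are constructed for illustration.

```python
# Added example: single-output (aggregating) tap on a full-duplex 100 Mbps link.
# Each direction can carry up to 100 Mbps, but the one monitor port drains at
# only 100 Mbps, so bursts must sit in the tap's buffer or be dropped.
# simulate_tap, TRACE and all traffic/buffer figures are constructed.

MONITOR_BPS = 100_000_000  # monitor port line rate, bits per second


def simulate_tap(samples, buffer_bytes, interval_ms=1, out_bps=MONITOR_BPS):
    """samples: (a_to_b_bytes, b_to_a_bytes) seen per interval.
    Returns (forwarded_bytes, dropped_bytes, peak_queue_bytes)."""
    drain = out_bps * interval_ms // 8000  # bytes the monitor port sends per interval
    queue = forwarded = dropped = peak = 0
    for a_to_b, b_to_a in samples:
        total = queue + a_to_b + b_to_a
        sent = min(total, drain)
        forwarded += sent
        backlog = total - sent
        if backlog > buffer_bytes:
            dropped += backlog - buffer_bytes  # copies the sensor never sees
            backlog = buffer_bytes
        queue = backlog
        peak = max(peak, queue)
    return forwarded + queue, dropped, peak  # leftover queue drains after the trace


# Constructed trace, bytes per 1 ms interval in each direction:
TRACE = (
    [(5000, 5000)] * 10      # 40 Mbps each way: 80 Mbps aggregate, fits
    + [(11250, 11250)] * 5   # 90 Mbps each way: 180 Mbps aggregate burst
    + [(1250, 1250)] * 10    # 10 Mbps each way: buffer drains
)

if __name__ == "__main__":
    for size in (0, 32 * 1024, 64 * 1024):
        fwd, drop, peak = simulate_tap(TRACE, size)
        print(f"buffer={size:6d} B forwarded={fwd} dropped={drop} peak_queue={peak}")
```

Dropped bytes are traffic the sensor never inspects; a buffer only absorbs short bursts, and a sustained aggregate above 100 Mbps overflows any buffer size.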

