Snort mailing list archives
Re: Taps and 10/100 hubs
From: Craig Paterson <craigp () tippett com>
Date: Wed, 25 Aug 2004 16:46:24 -0700
Bamm Visscher wrote:
The intelligent bridge is between 10MB and 100MB traffic. Since your IDS nic is 100MB, it will never see the 10MB traffic being sent to the hub (unless your nic can be forced down to 10MB). Even if you can force the nic to negotiate down to 10MB, every time you see that collision light on the hub go blinky-blink, another packet will be lost to /dev/null, never to be seen again (and since the router/switch passed the packet on w/o problems, don't expect a retransmit). On the positive side, your perf stats will rock ;) Bammkkkk On Wed, 25 Aug 2004 15:56:55 -0600, Mike Lieberman <mike () netwright net> wrote:... Netgear claims the hub has an "intelligent bridge automatically manages network traffic..." since two half-duplex feeds are going into the hub and the IDS is connected via a 100Mb NIC, doesn't that solve to a significant extent the collission problem? Since we would only be monitoring the bandwith coming to and from the router at 10Mb hald-duplex, I don't see where we get into buffer issues.
I tried this setup with a Linksys that obviously had the same kind of feature; it behaved just like a switch between the 10Mbit/s and 100Mbit/s hosts and was useless for IDS. Thankfully Enron had some good IT staff somewhere and a bunch of their Finisar taps ended up on Ebay after the company went down the swanney...
Craig. ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Taps Paul Halliday (Aug 25)
- Re: Taps Jeff Nathan (Aug 25)
- Taps and 10/100 hubs Mike Lieberman (Aug 25)
- Re: Taps and 10/100 hubs Bamm Visscher (Aug 25)
- Re: Taps and 10/100 hubs Craig Paterson (Aug 25)
- Re: Taps and 10/100 hubs Jeff Kell (Aug 25)
- Re: Taps and 10/100 hubs Bamm Visscher (Aug 25)
- <Possible follow-ups>
- Re: Taps Richard Bejtlich (Aug 25)
- RE: Re: Taps CGhercoias (Aug 25)