Firewall Wizards mailing list archives
RE: Shomiti Taps, Cisco Port Mirroring and IDS
From: "franks" <franks () nfr com>
Date: Fri, 4 Jan 2002 08:47:27 -0800
Don I think that the tap uses two ports one for RX and another for TX.
So it's RX for receive pair and TX for send pair.
Router ------ Tap ------ firewall
|
|
------
RX TX
SO if you want to have the signal go to let's say a nic, you will need
to combine the signal.
-----Original Message-----
From: firewall-wizards-admin () nfr com
[mailto:firewall-wizards-admin () nfr com] On Behalf Of Don Ng
Sent: Thursday, January 03, 2002 9:19 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] Shomiti Taps, Cisco Port Mirroring and IDS
Hello all, just need some assistance on the issue of
Shomiti taps. I have spoken to the vendors but they
had to check ...
I am looking at their Century taps that comes with 4
ports.
Two ports are used to place the device inline with
the segment to be monitored.
Original
Router-----Firewall
After
Router----<P 1> Century TAP <Port 2>---Firewall
| |
<P 3> <P 4>
The vendors advised me that for the other 2 ports, I
was told that each port mirrored out one direction
flow. Eg. Router --->Firewall for Port 3 and
Firewall---> Router for Port 4.
From the looks of things I would have to connect both
Port 3 and 4 to another Hub and plugging an network
IDS into that hub.
Router----<P 1> Century TAP <Port 2>---Firewall
| |
<P 3> <P 4>
| |
HUB
|----NID-200
Is this the optimal way to put an inline tap.
Cisco port mirroring seems to work fine mirroing
multiple ports to a single port connected to an IDS.
Glad for any help and comments.
=====
A Nobel Peace Prize for Jim Henson,
He bought laughter to a lot of people.
PS: I work in www.Quantiqint.com so
comments regarding CyberGuard FW, NFR Security, Network-1,
might be judged to be biased.
__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Shomiti Taps, Cisco Port Mirroring and IDS Don Ng (Jan 04)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Paul Cardon (Jan 04)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Ryan Russell (Jan 04)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Paul Cardon (Jan 06)
- RE: Shomiti Taps, Cisco Port Mirroring and IDS franks (Jan 04)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Ryan Russell (Jan 04)
- RE: Shomiti Taps, Cisco Port Mirroring and IDS franks (Jan 04)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Roelof JT Jonkman (Jan 04)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS John Adams (Jan 05)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Don Ng (Jan 06)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Paul Cardon (Jan 04)