Firewall Wizards mailing list archives
RE: Shomiti Taps, Cisco Port Mirroring and IDS
From: "franks" <franks () nfr com>
Date: Fri, 4 Jan 2002 14:27:14 -0800
The thing to use is a media converter (honestly, I'm not sure who makes them), or use an OS that can help 're-integrate' the signal. I think that a BSD box with two NICs can do this [I think].

-----Original Message-----
From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com] On Behalf Of Paul Cardon
Sent: Friday, January 04, 2002 6:43 AM
To: Don Ng
Cc: firewall-wizards () nfr net
Subject: Re: [fw-wiz] Shomiti Taps, Cisco Port Mirroring and IDS

Don Ng wrote:
> Hello all, just need some assistance on the issue of Shomiti taps. I have spoken to the vendors but they had to check ...
>
> I am looking at their Century taps that come with 4 ports. Two ports are used to place the device inline with the segment to be monitored.
>
> Original
> Router-----Firewall
>
> After
> Router----<P 1> Century TAP <Port 2>---Firewall
>                   |     |
>                 <P 3> <P 4>
>
> For the other 2 ports, the vendors advised me that each port mirrored out one direction of flow, e.g. Router ---> Firewall for Port 3 and Firewall ---> Router for Port 4. From the looks of things I would have to connect both Port 3 and 4 to another hub and plug a network IDS into that hub.
>
> Router----<P 1> Century TAP <Port 2>---Firewall
>                   |     |
>                 <P 3> <P 4>
>                   |     |
>                     HUB
>                      |----NID-200
>
> Is this the optimal way to put in an inline tap? Cisco port mirroring seems to work fine mirroring multiple ports to a single port connected to an IDS.

No, using a hub could lead to collisions and loss of packets when combining the two directions. Use a switch that can queue the packets.

-paul

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards