IDS mailing list archives
Network Tap Technology (was: RE: Gig TAPs)
From: robert.d.turner () bt com
Date: Wed, 5 Feb 2003 22:17:40 -0000
Hi

<Discussions about source of Intrusion tap deleted>

I must admit to being surprised at the claim that the intrusion taps were being made by NetOptics. There are some major differences in the Intrusion tap that make them quite a different beast from the Shomiti/Finisar/NetOptics versions. (sorry, Peter, a tap is not a tap is not a tap). (Info from https://www.intrusion.com/products/downloads/TapPO_1102.pdf)

The Shomiti-style tap is a device that you insert 'into' a network cable, and which produces two half-duplex, uni-directional feeds which you then need to re-merge for IDS, either in the IDS itself or in a hub/switch arrangement. The difference between the various vendors is the complexity of the box - is it autodetect 10/100, fdx/hdx and which cable (straight or crossover) is required.

The Intrusion tap is, on the other hand, a device that you insert 'into' a network cable (similar so far) but which gives a single output cable which can be used to 'reset malicious connections'.

From my understanding of networking terminology, this makes the tap a single-purpose switch with a dedicated span/mirror port.

From my understanding, this means that you have the same limitations as putting the output from a 'traditional' tap into a 100Mbps switch and spanning the output (without the risk of collisions). Namely, if the total traffic on the originating cable exceeds 100Mbps (i.e. 60Mbps in one direction and 50Mbps in the other at the same time) then you lose a proportion of the traffic. The fact that the second cable is Full Duplex is irrelevant - it can still only transmit 100Mbps of data in one direction at one time. I am happy to be proved wrong if this is incorrect!

Therefore, the Intrusion style tap is perfect for lower to mid bandwidth situations, but I do feel that the only 'real' solution for higher bandwidth is a device that can take two direct feeds from a tap or dual span device, or moving up to a Gbps solution.

Robert
(Wearing my flame-proof suit tonight, so fire away!)

--
Robert Turner GCIA
Security Solutions Designer & Analyst
BT Secure Business Services
T: +44 (0)113 244 5951
F: +44 (0)113 244 5657
Robert.D.Turner () bt com
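
The capacity limit described in the message above, as an added example that is not part of the original post: a small model of both directions of a link being copied onto one 100Mbps monitor output. It goes slightly beyond the 60/50 case by also running a bursty trace; the FIFO buffer, the 1 ms tick and all names are assumptions made for illustration.

```python
"""Constructed model of a two-direction link merged onto one monitor port."""


def simulate_monitor_port(a_to_b, b_to_a, port_mbps=100, buffer_kbit=0):
    """Merge per-direction rate traces onto a single monitor output.

    a_to_b, b_to_a: integer Mbps for each 1 ms tick (1 Mbps for 1 ms = 1 kbit).
    buffer_kbit: assumed FIFO buffer in front of the monitor port.
    Returns (offered_kbit, dropped_kbit, peak_queue_kbit).
    """
    queue = offered = dropped = peak = 0
    for a, b in zip(a_to_b, b_to_a):
        arriving = a + b                 # kbit copied from both directions
        offered += arriving
        queue += arriving
        queue -= min(queue, port_mbps)   # port sends at most port_mbps kbit per tick
        if queue > buffer_kbit:          # buffer full: the excess never reaches the IDS
            dropped += queue - buffer_kbit
            queue = buffer_kbit
        peak = max(peak, queue)
    return offered, dropped, peak


def loss_fraction(a_to_b, b_to_a, **kw):
    """Share of mirrored traffic the sensor never sees."""
    offered, dropped, _ = simulate_monitor_port(a_to_b, b_to_a, **kw)
    return dropped / offered if offered else 0.0


# Constructed traces, one second each at 1 ms resolution.
SUSTAINED = ([60] * 1000, [50] * 1000)   # the 60/50 Mbps case from the message
BURSTY = ([90] * 100 + [20] * 900,       # 54 Mbps total averaged over the second,
          [90] * 100 + [20] * 900)       # but 180 Mbps for the first 100 ms

if __name__ == "__main__":
    for name, (fwd, rev) in (("sustained 60/50", SUSTAINED), ("bursty 90/90", BURSTY)):
        for buf in (0, 1_000):
            offered, dropped, peak = simulate_monitor_port(fwd, rev, buffer_kbit=buf)
            print(f"{name:16} buffer={buf:>5} kbit  offered={offered} kbit  "
                  f"dropped={dropped} kbit ({dropped / offered:.1%})  peak={peak}")
```

In the sustained case a buffer only delays the loss, since the input rate stays above the port rate; in the bursty case the sensor misses traffic even though the one-second average is well under 100Mbps.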