Honeypots mailing list archives

reassemble data from TAP


From: "Vladislav V. Myasnyankin" <mvv () kazna ru>
Date: Thu, 14 Oct 2004 10:17:09 +0600

Hello,

I want to use Snort (on a Linux box) to analyze network flow to/from a
honeynet. But I have some restrictions; in particular, I can use only a Single TAP
(http://www.securicore.ca/critical_taps/singletap/) to connect sensors. This
means that I need 2 NICs to receive the full stream (one for Rx, one for Tx
pair). I am not sure if Snort will work well in these conditions, because
each sensor can analyze only half of the stream.
Is there any software solution for Linux to "restore" the full stream, direct it
to some pseudo-NIC, and then "connect" Snort to this pseudo-NIC?

Thanks in advance!

--
regards,
Vladislav V. Myasnyankin
Chief Information Security Officer
Bank "Severnaya Kazna".
www.kazna.ru / www.internetbank.ru
mvv at kazna.ru
phone (343) 359-27-32, 059
     fax (343) 359-27-34
Personal homepage --> http://cybervlad.net


