RE: Snort running stealth on Win2k

[Frank Knobbe <FKnobbe () KnobbeITS com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris,
 
what exactly happens when you throw the tap in the mix? W2K/NT4
should not have any problems with taps. (I myself use the read-only
cable, no problem with W2K).
 
Regards,
Frank
- -----Original Message-----
From: Chris Arsenault [mailto:carsenault () firstedcu org]
Sent: Friday, January 04, 2002 4:15 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort running stealth on Win2k


Currently, we are running Snort 1.8.1 on Windows 2000 with 2 3 COM
3C905B NICS in the box.  I was going to use one as a
stealth/monitoring interface and one in order to provide access to
the ACID management interface to everyone in IS.  
 
We purchase a tap from http://www.shomiti.com 
I have data coming from a 3com hub that works great with the win2k
sensor NIC until I throw the tap into the mix.  Anyone get this
going?  I have read through the FAQ and various documentation on
creating a listening only Ethernet wire or using a tap but no luck on
Windows 2000.  Anyone have any detailed information on this or using
this particular tap with Windows 2000?   
 
Thanks,
 
Chris
 

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME (X.509) encrypted email preferred.

iQA/AwUBPDY22MzYtOFvgXQfEQKxrwCfX9Eyt5GNmFIp+oyGCG0ZUbRctOgAoIdP
dI7wSeMqUNUrDBPX9vjNDtY2
=E44z
-----END PGP SIGNATURE-----