Snort mailing list archives

RE: sniffing cables and network taps


From: Richard Bejtlich <richard_bejtlich () yahoo com>
Date: Fri, 11 Jul 2003 08:11:20 -0700 (PDT)

Scott,

Just yesterday I posted some material on network taps
at my blog.  Check the last entry for 10 Jul 03:

http://taosecurity.blogspot.com

On my home lab I use Finisar's UTP Tap IL/1  Ethernet
tap, as pictured on my blog.  It cost about $400.

I send the output streams to a Shuttle SB52G
(http://us.shuttle.com/specs2.asp?pro_id=264)
monitoring station I built with an Adaptec ANA-62044
quad-port PCI NIC, where I use FreeBSD's netgraph(4)
functionality to mirror traffic to another interface. 
I documented the syntax in a 16 Jun 03 post to
snort-users
(http://marc.theaimsgroup.com/?l=snort-users&m=105585533810122&w=2).
 I need to change this to use a virtual interface (not
a real interface without a cable) so I can free up the
real interface.

Sincerely,

Richard Bejtlich
richard at taosecurity dot com
http://taosecurity.com
