Snort mailing list archives
Re: Can anyone recommend an ethernet tap?
From: Chris Green <cmg () uab edu>
Date: Wed, 06 Oct 2004 09:29:39 -0400
Martin Olsson <elof () sentor se> writes:
I want to buy an ethernet tap where snort will listen.
A----Tap----B
|
Sniffer
Criteria:
* 100Mbps
* full duplex (not a hub then)
* the throughput between A and B should be almost the same as using a
X-patch cable
* the sniffer port should see both directions of the traffic (if A and B
generate more than 100Mbps together, start dropping packets), I do not
want two sniffer ports where one see A->B and the other B->A, I just
want one port that mirror B<->B
That contradicts the previous two requirements since you'll have the potential for 200Mbps of traffic or simultaneous transmits. It's an easier problem to solve sniffing with 2 cards to combine both sides again ( google for "snort bond0"). To solve that problem any other way requires a lot more sophisticated circuitry which gets you out of the cheap solution you're looking for. You will want either a NetOptics or Finisar tap. Go for whatever one is cheaper. On the very high end ($$$), there are the toplayer IDS load balancers that allow you to plop flows between devices as you need and could provide the backend logic to merge things back together but that will set you back a pretty penny. I just recently got a chance to see one of them in action as was pretty impressed with the capabilities. -- Chris Green <cmg () dok org> "Yeah, but you're taking the universe out of context." ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Can anyone recommend an ethernet tap? Martin Olsson (Oct 06)
- RE: Can anyone recommend an ethernet tap? Eric Hines (Oct 06)
- RE: Can anyone recommend an ethernet tap? Martin Olsson (Oct 06)
- Re: Can anyone recommend an ethernet tap? Chris Green (Oct 06)
- Re: Can anyone recommend an ethernet tap? Sp0ng3b0b (Oct 06)
- Re: Can anyone recommend an ethernet tap? Matt Kettler (Oct 06)
- Re: Can anyone recommend an ethernet tap? Scot Wiedenfeld (Oct 14)
- RE: Can anyone recommend an ethernet tap? Eric Hines (Oct 06)