AW: [Snort-devel] TAP usage
Sandro.Poppi at ...1204...
Tue Jun 17 06:16:18 EDT 2003
Paul, you asked about TAPs yesterday and got 2 answers (see
<http://marc.theaimsgroup.com/?t=105576743400003&r=1&w=2> &r=1&w=2). It is
of course necessary to reassemble the 2 splitted data streams from the Taps.
This can be achieved as suggested yesterday via linux channel bonding (or
the *BSD equivalent), using a switch with port aggregation and port
mirroring, with special equipment like toplayer switches, or as you've
already tested with a hub. All have pros and cons. These have also already
been discussed on the snort-users list so give the archives a search ;)
I have setup the router/switch method of connecting a snort sensor, and I
have used the hub method.
More information about the Snort-devel