[Snort-users] Understanding IDS & TAPS

twig les twigles at ...131...
Wed Dec 18 10:18:05 EST 2002

Your questions span (pun!) more than the IDS field. 
Pick up a good book on switches or at least something
that explains the OSI model.  As loath as I am to
recommend reading theory, it really applies.

A short answer is that switches forward packets out of
specific ports based on a table they keep.  The table
correlates MAC address<->port relationships.  To sniff
on a switch you need one of two things: a port that
the switch sends ALL traffic to, regardless of the
destination MAC, or a piece of software like Ettercap
that does massive ARP poisoning.  For multiple obvious
reasons you prolly want to stick to the former.

--- "Carleton, Sam (SCI TW)"
<Sam_Carleton_TW at ...7796...> wrote:
> Folks,
> I understand the IDS and TAPS, but not completely. The main thing is the
> physical hookup of the TAP to the IDS. I don't understand the "100Mb IDS
> Tapping Diagram (with only 100bt span port)" diagram. The switch being
> used, can it be any old switch or does it have to be something that is
> programmable? What I don't understand is how the traffic gets through the
> switch. How does the switch know where to send the packets which are coming
> in from the Port A and Port B?
> Sam

If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself                       
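
The MAC-table behaviour described in the reply above, as an added example that is not part of the original post: a toy learning switch showing how many frames an IDS sensor receives on an ordinary port versus a SPAN (mirror) port. The `Switch` class, port numbers and MAC addresses are constructed for illustration; the model ignores table aging and VLANs.

```python
"""Toy model of a learning switch with an optional SPAN (mirror) port."""

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, num_ports, span_port=None):
        self.ports = list(range(1, num_ports + 1))
        self.span_port = span_port   # port that gets a copy of every frame
        self.mac_table = {}          # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame; return the sorted list of ports it leaves on."""
        self.mac_table[src] = in_port          # learn where the sender lives
        normal = [p for p in self.ports if p not in (in_port, self.span_port)]
        if dst != BROADCAST and dst in self.mac_table:
            out = {self.mac_table[dst]} - {in_port}  # known unicast: one port
        else:
            out = set(normal)                  # broadcast or unknown: flood
        if self.span_port is not None:
            out.add(self.span_port)            # mirror copy for the IDS
        return sorted(out)

def frames_seen(switch, sensor_port, traffic):
    """Return the frames from `traffic` that are delivered to sensor_port."""
    return [f for f in traffic if sensor_port in switch.receive(*f)]

# Constructed sample traffic: (ingress port, source MAC, destination MAC)
A, B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
TRAFFIC = [
    (1, A, BROADCAST),  # A broadcasts (for example an ARP request)
    (2, B, A),          # B replies; the switch already learned A on port 1
    (1, A, B),          # unicast A -> B
    (2, B, A),          # unicast B -> A
]

def demo():
    """Count frames reaching a sensor on port 4, without and with mirroring."""
    plain = frames_seen(Switch(4), 4, TRAFFIC)
    mirrored = frames_seen(Switch(4, span_port=4), 4, TRAFFIC)
    return len(plain), len(mirrored)

if __name__ == "__main__":
    plain, mirrored = demo()
    print("ordinary port: %d of %d frames" % (plain, len(TRAFFIC)))
    print("SPAN port:     %d of %d frames" % (mirrored, len(TRAFFIC)))
```

On the ordinary port the sensor only receives the flooded broadcast; every unicast frame between the two hosts bypasses it once the table is populated.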
