[Snort-users] RE: sniffing cables and network taps

Richard Bejtlich richard_bejtlich at ...131...
Mon Jul 14 09:26:16 EDT 2003


Just yesterday I posted some material on network taps
at my blog.  Check the last entry for 10 Jul 03:


On my home lab I use Finisar's UTP Tap IL/1 Ethernet
tap, as pictured on my blog.  It cost about $400.

I send the output streams to a Shuttle SB52G
monitoring station I built with an Adaptec ANA-62044
quad-port PCI NIC, where I use FreeBSD's netgraph(4)
functionality to mirror traffic to another interface. 
I documented the syntax in a 16 Jun 03 post to
 I need to change this to use a virtual interface (not
a real interface without a cable) so I can free up the
real interface.


Richard Bejtlich
richard at taosecurity dot com

