[Snort-users] RE: sniffing cables and network taps

Richard Bejtlich richard_bejtlich at ...131...
Mon Jul 14 09:26:16 EDT 2003


Scott,

Just yesterday I posted some material on network taps
at my blog.  Check the last entry for 10 Jul 03:

http://taosecurity.blogspot.com

On my home lab I use Finisar's UTP Tap IL/1 Ethernet
tap, as pictured on my blog.  It cost about $400.

I send the output streams to a Shuttle SB52G
(http://us.shuttle.com/specs2.asp?pro_id=264)
monitoring station I built with an Adaptec ANA-62044
quad-port PCI NIC, where I use FreeBSD's netgraph(4)
functionality to mirror traffic to another interface. 
I documented the syntax in a 16 Jun 03 post to
snort-users
(http://marc.theaimsgroup.com/?l=snort-users&m=105585533810122&w=2).
I need to change this to use a virtual interface (not
a real interface without a cable) so I can free up the
real interface.

Sincerely,

Richard Bejtlich
richard at taosecurity dot com
http://taosecurity.com
