[Snort-users] Newbie question - I did read the FAQ first.

Jim Richards jrichards at ...11930...
Tue Aug 24 03:24:04 EDT 2004


<snip>
Is this type of Tap compatible with SNORT?

If yes, is the information on "Terminate Sessions" on page 17 still accurate
with the need for two Taps and a Top Layer Switch or can it be done with
this type of single Active Tap?

Also, there is a Datacom Systems' SINGLEstream which has Two Taps, both of
which "combine the two data streams, allowing any connected 10/100
monitoring device to receive a full-duplex stream of data with one NIC."
Could this be used for bi-directional Kills? 
</snip>


Yes, this type of tap is compatable with snort but if you are looking to kill connections, you can not use a tap.  A tap by it's very nature is just that - a tap into a physical connection and therefore is a "read only" port...nothing can be sent back to the tap via these ports.

Jim Richards






More information about the Snort-users mailing list