[Snort-users] Taps

Paul Halliday paul.halliday at ...11827...
Wed Aug 25 05:45:19 EDT 2004


I am currently using this tap:

http://www.snort.org/docs/tap/

This tap sits between a Cisco Catalyst switch and a 2600 router. The
link is full duplex and I am only capturing traffic on one of the
ports on the tap. I have tried a cable in the other port and I don't
get a link light. I have double checked the construction and
everything seems to be as per the documentation. Has anyone else
managed to get both streams with the use of this tap?

Also, looking at:

http://www.snort.org/docs/100Mb_tapping1.pdf

Would this be the better way to go? Is the item in the top left of
this picture the same as the above tap? And the use of the switch is
simply to combine the two streams?

I have looked at purchasing a real tap from Securicore Inc that
combines both streams into one on its own but they want 1300 CAD for
one of these which is not really in our budget atm.

What, if any, are my other options? -or- What have I missed on the construction?

Thanks.

-- 
_________________
Paul Halliday
http://dp.penix.org

"Diplomacy is the art of saying "Nice doggie!" till you can find a rock."



