[Snort-users] Re: Taps and 10/100 hubs

Richard Bejtlich taosecurity at ...11827...
Wed Aug 25 18:26:12 EDT 2004


Craig Paterson wrote:

I tried this setup with a Linksys that obviously had the same kind of
feature; it behaved just like a switch between the 10Mbit/s and
100Mbit/s hosts and was useless for IDS.

--

I've had the same experience with Linksys 10/100 Mbps "hubs," even
when I bring all connected interfaces up at the same speed (either all
at 10 Mbps or all at 100 Mbps).

Every 10/100 Mbps "hub" is a switch; that's how devices at 10 Mbps can
interoperate with those at 100 Mbps on the same "hub."

However, I have had good experiences with Netgear 10/100 Mbps hubs;
when bringing interfaces up, all at the same speed, they see each
other.  It's half-duplex, but works for giving sensors visibility to
network traffic.

Sincerely,

Richard
http://www.taosecurity.com




More information about the Snort-users mailing list