[Snort-users] Can anyone recommend an ethernet tap?

Martin Olsson elof at ...6680...
Wed Oct 6 07:48:24 EDT 2004


Ah, exactly what I was loking for. Thanx!

/Martin

On Wed, 6 Oct 2004, Eric Hines wrote:
> I would check out NetOptics. They offer a 10/100 Port Aggregator Ethernet
> Tap which means that both the A and B traffic ports are aggregated in to a
> single sniffing port so you don't end up wasting 2 NICs on the IDS or having
> to deal with bonding the 2 interfaces for Snort to see both sides of the
> traffic. You can get more information on this Tap and more at:
> http://www.appliedwatch.com/taps_network.php
>
> -----Original Message-----
> From: Martin Olsson [mailto:elof at ...6680...]
> Sent: Wednesday, October 06, 2004 5:25 AM
> To: snort-users mailinglist
> Subject: [Snort-users] Can anyone recommend an ethernet tap?
>
>
> I want to buy an ethernet tap where snort will listen.
>
> A----Tap----B
>       |
>    Sniffer
>
> Criteria:
> * 100Mbps
> * full duplex (not a hub then)
> * the throughput between A and B should be almost the same as using a
>   X-patch cable
> * the sniffer port should see both directions of the traffic (if A and B
>   generate more than 100Mbps together, start dropping packets), I do not
>   want two sniffer ports where one see A->B and the other B->A, I just
>   want one port that mirror B<->B
>
> Maybe the sniffer-port could be 1Gbps, then packets wouldn't have to be
> dropped, but I guess that the price of a gigabit tap is far more than a
> 100Mbps one...
>
> I do not want to use a hub.
> I do not want to use a switch with port mirroring support.
>
> What product(s) should I look for? Not too expensive please. :-)
>
> /Martin





More information about the Snort-users mailing list