IDS: Re: port bonding and taps

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

IDS mailing list archives

Re: port bonding and taps

From: "Sam f. Stover" <sstover () iwc sytexinc com>
Date: Thu, 2 Oct 2003 11:31:37 -0400

On Thursday, October 2, 2003, at 10:57 AM, Jeffrey.Stebelton () bisys comwrote:

What we have done is to set a 10 Mb Ethernet hub up near the tap andrunboth tap ports into it. We then plug whatever sniffers you want intothe
hub and you will see both sides of the traffic.

I think this works in a very small environment, but doesn't scale toowell. Since the tap ports aren't participating in an Ethernet networkthe way a normal host does, there is a real opportunity for collisions.Especially when using a hub which is real dumb about things like this.

It's all about your budget and needs, but for a little more money youcan get a Cisco 2900 (or whatever vendor you prefer) which can mirrorboth Tx and Rx ports to a common port without the risk of collision.



SfS


____
S.f.Stover
sstover () iwc sytexinc com

Attachment: PGP.sig
Description:

By Date By Thread

Current thread:

port bonding and taps John Flynn (Oct 02)
- Re: port bonding and taps Bamm Visscher (Oct 02)
- <Possible follow-ups>
- Re: port bonding and taps Jeffrey . Stebelton (Oct 02)
  - Re: port bonding and taps Michael Stone (Oct 02)
  - Re: port bonding and taps Sam f. Stover (Oct 02)
  - Re: port bonding and taps Bamm Visscher (Oct 06)
- RE: port bonding and taps PPowenski (Oct 02)
  - Re: port bonding and taps Sam f. Stover (Oct 02)
    - Re: port bonding and taps Bennett Todd (Oct 06)
    - Re: port bonding and taps Sam f. Stover (Oct 06)