> What we have done is to set a 10 Mb Ethernet hub up
> near the tap and run both tap ports into it. We then
> plug whatever sniffers you want into the hub and you
> will see both sides of the traffic.
Why use a tap at all if you are using a hub all the
same? You can use a read-only cable to connect your
IDS directly to the hub (as described in the Snort
FAQ) and get the same effect.
Aaron
Received on Oct 06 2003