[unisog] IDS INFO

John Kristoff jtk at depaul.edu
Fri Aug 31 19:13:45 GMT 2001


Dan Sutherland wrote:
> We are trying to figure out a way to gather IDS data via gigabit LX taps, but it seems that there are a number of obstacles. Apparently, you will lose lower level errors if you use port-mirroring on a switch, not to mention the amount of data that is lost due to light splitting. Does anyone have any suggestions or information as to how this might be done?
> 

Not at all any kind of endorsement, because I haven't actually used them
yet and cannot say anything good or bad, but you might want to learn
more about this organization's gear:

http://www.toplayer.com

There are potentially other problems with port mirroring.  Imagine for
instance if you are just mirroring a single gig port to another. 
Probably very unlikely in most of your environments, but if the port to
be mirrored is receiving and transmitting at full capacity, you will not
be able to mirror both inbound and outbound traffic to a single port. 
You would either need to mirror traffic in one direction or accept the
loss of some traffic.

John


