[unisog] Network taps for IDS

Jeff Anderson-Lee jonah at dlp.CS.Berkeley.EDU
Fri Nov 9 16:19:27 GMT 2001


You can always do creative cabling on CAT5(e).  Split the two pairs for
each connection onto two separate plugs and use two hubs: one for
incoming traffic and one for outbound.  Of course in some cases you may
need to somehow balance the missing pair so that the hub doesn't think
it has a link fault, but that's probably just A Small Matter Of
Wiring.

Jeff Anderson-Lee
Systems Manager, Digital Library Project
ERL, University of California at Berkeley

Re:
 :From:  Peter Van Epp <vanepp at sfu.ca>
 :To:  unisog at sans.org
 :Subject:  Re: [unisog] Network taps for IDS
 :Date:  Fri, 9 Nov 2001 07:29:29 -0800 (PST)
 :
 :> 
 :> On Thu, Nov 08, 2001 at 03:38:49PM -0600, John Kristoff wrote:
 :> 
 :> > If you have a shared hub, you can put the mirrored port to it, then on
 :> 
 :> Not only that, but if you have it going to a shared hub, you *will*
 :> find times when you are glad to be able to have other things plugged
 :> into it....  argus.. IDS.... sniffer...
 :> 
 :
 :	The downside to this (as opposed to a tap) is of course that the 
 :hub forces the connection in to half duplex and thus cuts performance 
 :substantially. The taps are capable of operating full duplex (as long as your
 :monitor is of course).
 :
 :Peter Van Epp / Operations and Technical Support 
 :Simon Fraser University, Burnaby, B.C. Canada
 :



More information about the unisog mailing list