[unisog] Network taps for IDS

H. Morrow Long morrow.long at yale.edu
Thu Nov 8 21:16:28 GMT 2001


See Finisar Systems in line taps and splitters:

	http://www.finisar-systems.com/htdocssh/products/taps/index.html

They used to be part of Shomiti Systems.

- H. Morrow Long

Greg Francis wrote:
> 
> I'm setting up a permanent Snort IDS and I would like to tap into various
> parts of the network that lie between the routers and switches. Currently, I
> mirror the inbound switch port to dump the traffic to the IDS box. However,
> since we can only mirror a port to one other port, we'd have to disable the
> mirror periodically to do diagnostics and sometimes it doesn't get switched
> back. It also adds overhead to the switch that I would rather avoid.
> 
> What I'm wondering is if there is a splitter or tap that you can put on a
> CAT5 connection (both 10 and 100 Mbps) that would alleviate the need for me
> to mirror one of the ports. I've thought about putting a hub in between the
> two switches but that doesn't sound very appealing as a long-term solution.
> 
> It can't do anything to degrade performance, increase hop counts, etc.
> 
> I want to do this at multiple points in the network. All of the equipment is
> CAT5 and in secure locations.
> 
> Any solutions out there?
> 
> Thanks,
> Greg
> 
> --
> Greg Francis
> Sr. System Administrator
> Gonzaga University
> francis at gonzaga.edu
> 509-323-6896
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4243 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.dshield.org/pipermail/unisog/attachments/20011108/8a97ba8f/smime-0007.bin


More information about the unisog mailing list