Snort mailing list archives
Re: binary logging on a 1Gbps network using a copper tap
From: Don Lord <securitymailinglists () gmail com>
Date: Wed, 8 Dec 2004 10:45:25 -0800
Interesting read.
http://public.lanl.gov/radiant/pubs/ticket/PAM-2002-TICKET.pdf

On Wed, 08 Dec 2004 15:49:52 +0200, Ben van der Merwe <benm () pasco co za> wrote:
> I have a two-part question
>
> 1) What bottlenecks are encountered when doing binary logging on a 1Gbps network? How can these be solved? I have used snort successfully for binary logging (using a 10 Mbps hub in a 1 Gbps switched environment and logging the traffic from a single target machine), but I want to scale the solution to 1Gbps. I do not employ any snort rules - I want to log everything.
>
> 2) When I construct my own copper tap according to http://www.snort.org/docs/tap/ and using Category 5e cable, it will only support up to 100 Mbps (?). Can the same diagram be used to construct a 1Gbps tap? I guess I can use 10 100Mbps taps on 10 100 Mbps switched ports, but I am looking for a more elegant (and cheaper) solution. There is also a very nice 'single stream' tap available at http://www.securicore.ca/critical_taps/singlestream1000/. Has anybody tried this out? How many snort sensors will be required?
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://productguide.itmanagersjournal.com/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users