Regarding the passive TAPs designed on the snort page for use with ntop:
We made up a whole patch panel of these to plug into our ntop machines for monitoring. It works great. It even passes the Cat5 test on our Fluke meter with the following caveats: - fails impedance test if you go through the patch panel and have the other ports connected to the sniffer/ntop box. - takes down the connection if you plug a cable into either of the "sniffer" ports, but don't plug it into a machine. In other words, don't leave cables dangling out of the sniffer ports and when you disconnect the sniffer, always do it at the patch panel! - requires a linux kernel that supports bonding of the ethernet cards Otherwise, it appears that the model you pay $400+ for probably has an external power supply to solve the first two caveats listed above! --Greg On Tue, 16 Mar 2004, Burton M. Strauss III wrote: > Date: Tue, 16 Mar 2004 17:40:33 -0600 > From: Burton M. Strauss III <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: RE: [Ntop] plea for information > > Conceptually the right answer, but ... YMMV - even some of the US$20 4 port > hubs have become switching hubs - I think that it's become a commodity > problem - there's one cheap chipset so everyone uses it kind of stuff. > > I use an older Linksys EFAH08W 10/100 hub, but it has to be the v1 unit, the > v3 is a switching hub! > > There's also a design @ snort.org for a passive Ethernet tap. > http://www.snort.org/docs/tap/ It looks like it should work as well as the > ones sold for US$900 (although I hope those devices are more than a few > passive wires...). But I haven't tested it. > > > -----Burton > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mike > > Tremaine > > Sent: Tuesday, March 16, 2004 11:06 AM > > To: [EMAIL PROTECTED] > > Subject: Re: [Ntop] plea for information > > > > > > On Tue, 2004-03-16 at 08:46, Michael Handiboe wrote: > > > http://article.gmane.org/gmane.linux.ntop.general/5081 > > > > > > This is exactly what I needed and I share the same concerns: > > > real hubs are getting hard to find ... what does the industry > > > expect us to do when we need to sniff our networks!?!?!? > > > > > > > Sometimes the easiest thing to do is buy (beg, steal) a 4 port hub and > > plug the uplink port of the switch into it, as well as the ntop box (or > > snort, or whatever) and the other end of the connection. > > > > This will get you all of the traffic that is inbound and outbound (but > > not cross traffic on the switch). Plus it is very cheap. 4 port hubs are > > generally less then $20. > > > > That should at least allow you (your boss) to get a better idea of whats > > going on and evaluate if it is worth getting a better switch. > > > > > > -- > > Mike Tremaine > > [EMAIL PROTECTED] > > http://www.stellarcore.net > > > > _______________________________________________ > > Ntop mailing list > > [EMAIL PROTECTED] > > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop > =============================================================================== Greg Redder Academic Computing & Networking Services Colorado State University, ACNS Phone:(970)491-7222 FAX: (970)491-1958 601 S. Howes, Room 625 E-mail: [EMAIL PROTECTED] Fort Collins, CO 80523 PGP Fprint:299F83B58A72BE7428E064E801749C69FFA537C6 =============================================================================== _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
