Re: [Snort-users] Is it really a HUB?
This is a discussion on Re: [Snort-users] Is it really a HUB? within the Snort forums, part of the System Security and Security Related category; I want to know if someone on this list is using the Cisco 1538 Micro Hub for snorting. In the ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-26-2003
|
|||
|
|||
Re: [Snort-users] Is it really a HUB?
I want to know if someone on this list is using the Cisco 1538 Micro Hub for
snorting. In the overview pdf of this product says: - Autosensing on all ports allows automatic configuration for either 10BaseT or 100BaseT connections. - Built-in high-speed bridge function automatically connects 10BaseT and 100BaseT workstations without an external switch or router. - Embedded switch supports store-and-forward switching and filtering and forwarding rate at full-wire speed. So i don't know if snort will see all the traffic on it... Thanks, PABLO > Date: Wed, 29 Oct 2003 15:42:00 -0500 > From: "Kristofer T. Karas" <ktk@enterprise.bidmc.harvard.edu> > To: snort-users@lists.sourceforge.net > CC: Darryl Luff <dluff@iitscdm.com.au> > Subject: Re: [Snort-users] Is it really a HUB? > > Darryl Luff wrote: > > > It works as you say. Except that if your station never transmits > > anything, the switch will not learn your MAC, and will flood all > > traffic addressed TO YOU out all ports. [snip] > > Thanks... > > Right, that was the very thought that hit me in the head the > other night > as I pondered the issues further. The router with the spanned port > talks to a small handful of other routers; the only MAC > addresses seen > coming in to the hub from that port will therefore be those > of the other > routers, all of which will make their way into the hub's MAC table. > Thus, within a few seconds or so, the small hub will not send > anything > to the IDS because it knows that the source and destination MACs all > reside on the port connected to the router's spanned port; > ergo, there > is no need to copy the packets to any of its (the hub's) other ports. > > Bugger. I guess I need to find somebody that makes a small 4-port > switch where one can configure a port as a promiscuous > listening interface. > > Kris ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
