[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IDS: RE: IDS taps in a switched network

To: David Newman <dnewman@networktest.com>
Subject: RE: IDS: RE: IDS taps in a switched network
From: Jackie Chan <blue0ne@igloo.org>
Date: Sat, 30 Oct 1999 15:50:19 -0400 (EDT)
cc: "R. Brockway" <rockie@apk.net>, mark.gandy@dowcorning.com, ids@uow.edu.au
In-Reply-To: <NDBBJJFLLNKDDFGCGHPIEEGPCKAA.dnewman@networktest.com>
Sender: owner-ids@uow.edu.au

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner@uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
USUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------
---
Someone wrote:
> Um, the spy port is just ONE port. So what happens when I define a VLAN
> with, say, 24 ports and redirect all that traffic to one spy port? All those
> packets ain't gonna fit through that one little narrow doorway. ;-)

That all depends on the aggregate bandwidth of the switch itself.  Lets
also remember that a 2924 switch has a 3.2 GB backplane.

To echo Rons post, the Shomiti Tap solution is probably the best way to
monitor traffic in a large enterprise.  It is best used in conjunction
with a 2900 switch.

Blue0ne

Follow-Ups:
- RE: IDS: RE: IDS taps in a switched network
  - From: "David Newman" <dnewman@networktest.com>

References:
- RE: IDS: RE: IDS taps in a switched network
  - From: "David Newman" <dnewman@networktest.com>

Prev by Date: Re: IDS: RE: IDS taps in a switched network
Next by Date: RE: IDS: RE: IDS taps in a switched network
Prev by thread: RE: IDS: RE: IDS taps in a switched network
Next by thread: RE: IDS: RE: IDS taps in a switched network
Index(es):
- Date
- Thread