On 2/13/06, Packet Man <[EMAIL PROTECTED]> wrote:
>
> I've finally finished a major upgrade to my work on
> construction and use of passive network taps.
>
> Granted, the best tap is a commercial tap. But, a
> home-built passive network tap can be used quite
> successfully to monitor network traffic.
>
> The original paper on construction, with minor
> modifications:
>
> http://www.altsec.info/passive-network-tap.html
>
> The new paper on using the tap, with recent test
> lab results:
>
> http://www.altsec.info/pnt-sensor-data.html
>
> Anyone who is interested, please feel free to
> have a look. For any comments, suggestions, or
> corrections, please see the papers for contact
> information.
>
> Just my way of saying thanks for all the great
> information I get in this list. I hope my many
> hours of testing and research benefits someone.
>
> Mark
>
Mark,

You mention "ZERO network degradation" for your last two tables, but it seems you are only looking at TX and RX errors between the parties exchanging traffic. How do you measure the number of packets captured by the sensor?

For example, study 3 lists workstation having 174739 "Total Packets" (TX + RX), but the sensor has 112686 "Rx packets". Does this mean 174739-112686=62053 packets (35%) were not seen by the sensor?

Also, in your first doc you say:

"Granted, you could very well use switch ports to aggregate the signal from the PNT's tap jacks, or maybe even a hub (haven't tried)."

Connecting tap outputs to a hub makes a great collision factory, not a way to combine tap outputs. [0] [1]

Sincerely,

Richard

[0] http://taosecurity.blogspot.com/2005/12/taps-and-hubs-never-ever-mix-ive.html
[1] http://taosecurity.blogspot.com/2005/12/taps-and-hubs-part-deux-yesterday-i.html
