Re: THG and TAPs
From: Jerry W. Lundy (jwlundy@aafes.com)Date: 12/24/01
- Previous message: jim terry: "Embedded Signatures on Cisco IDS"
- In reply to: jim terry: "THG and TAPs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 24 Dec 2001 10:05:44 -0600 From: "Jerry W. Lundy" <jwlundy@aafes.com> To: focus-ids@securityfocus.com
Greetings.
jim terry wrote:
>
> Please help me on some terminology.
>
> Recent posts have referred to THGs and TAPs. I take it a TAP is like a hub
> but it must be a little different.
>
> What exactly are these terms?
>
A tap is a passive device that separates the data flows in a full duplex
line and allows them to be monitored without altering the data flow
itself. It's placed between two network devices that have interesting
traffic (e.g. between a switch and a router). Each directional data flow
is placed on a separate Ethernet line to prevent collisions. Data
collection requires two interfaces to monitor the traffic.
A THG (Ten/Hundred/Gigabit) is an analyzer that pulls the split data
streams back together for stateful analysis.
Shomiti made ethernet taps and analyzers fro network troubleshooting.
Lots of people used their taps for IDS. Shomiti was acquired by Finisar
(http://www.finisar.com) a couple of years ago. Detailed info is
available on their website. I've used a number of their tap sets for the
last three years with good results.
Cheers,
Jerry Lundy
- Previous message: jim terry: "Embedded Signatures on Cisco IDS"
- In reply to: jim terry: "THG and TAPs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
