From owner-freebsd-security Tue Oct 8 13:59:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B449B37B404 for ; Tue, 8 Oct 2002 13:59:09 -0700 (PDT) Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id BC3B243E6A for ; Tue, 8 Oct 2002 13:59:08 -0700 (PDT) (envelope-from freebsd@babayaga.neotext.ca) Received: from babayaga.neotext.ca (localhost.neotext.ca [127.0.0.1]) by localhost.neotext.ca (8.12.6/8.12.5) with ESMTP id g98Kw1uj010590; Tue, 8 Oct 2002 14:58:05 -0600 (MDT) (envelope-from freebsd@babayaga.neotext.ca) From: "Duncan Patton a Campbell is Dhu" To: Matt Piechota , twig les Cc: freebsd-security@FreeBSD.ORG Subject: Re: Sniffer nic Date: Tue, 8 Oct 2002 14:58:01 -0600 Message-Id: <20021008205801.M19596@babayaga.neotext.ca> In-Reply-To: <20021008140221.R396-100000@cithaeron.argolis.org> References: <20021008175440.76297.qmail@web10107.mail.yahoo.com> <20021008140221.R396-100000@cithaeron.argolis.org> X-Mailer: Open WebMail 1.70 20020712 X-OriginatingIP: 127.0.0.1 (freebsd) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hmm. I don't know anything about the cards mentioned here or the application you are putting the sniffer to, but you should consider whether you need to look outside the usual sense window for the card -- iff you are looking for network layer virii or other out-band transmissions. Dhu > On Tue, 8 Oct 2002, twig les wrote: > > > Hey *, I need another nic (10/100 copper) for sniffing > > and was wondering if anyone had input as to which one > > kicks ass. I'm planning on either an Intel Pro or > > 3Com, not sure which model yet. Anyone had something > > so good that they want to recommend it? The box is > > 4.6 Release (fully patched) running Snort 1.8.7. > > Hardware is dual P3-1GHz, 2gig ram, scsi blah blah > > blah, the only really interesting thing is that I have > > an empty 64-bit, 66mhz PCI slot so I can use that for > > a good nic if possible. > > I've had good luck with Intel 8255x NICs, ie > EtherExpress Pro, both in card form and in laptops > (built-in). I could record a most saturated 100Mbit > line on a P2-350 (using Ethereal and FreeBSD) > > -- > Matt Piechota > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of > the message Duncan Patton a Campbell is Duihb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message