[Bro] Network tap issues

Daniel Manzo daniel.manzo at bayer.com
Wed Jun 21 08:09:09 PDT 2017

Sorry for the confusion, I am referring to the two TX output ports as a duplex "monitor" port. We have a duplex cable going from the two TX output ports to the NIC, so perhaps we can split the cable and plug each individual fiber into its own SFP. However, shouldn't I be seeing some sort of traffic on the NIC? Since both fibers of the duplex are transmitting, either one of them has to be in the rx port on the NIC, so I would then be seeing some packets, correct? If you think splitting the duplex cable from the TX output ports would fix the problem, then I will do so.

-----Original Message-----
From: Azoff, Justin S [mailto:jazoff at illinois.edu] 
Sent: Wednesday, June 21, 2017 10:27 AM
To: Daniel Manzo
Cc: Bro-IDS
Subject: Re: [Bro] Network tap issues

> On Jun 21, 2017, at 9:20 AM, Daniel Manzo <daniel.manzo at bayer.com> wrote:
> The connection in port A is coming from Level 3 internet and the connection in port B is going to a network switch. The monitor port

I'm confused on what you mean by "the monitor port".  A passive fiber tap has two rx/tx input ports and two tx only output ports, one for each direction.  

The two outputs need to be connected to the rx ports on two separate NICs, you can't just connect them to a single nic, as you'd be connecting one of the tx ports from the tap to a tx port on the NIC.

- Justin Azoff

More information about the Bro mailing list