[Bro] Monitoring 10gig.
dopheide at ncsa.illinois.edu
dopheide at ncsa.illinois.edu
Wed Dec 9 08:34:50 PST 2009
Blake,
You might want to check out cPacket:
http://www.cpacket.com/cPcFlow.html
We don't use them here, but I recall their quite a bit cheaper than a Gigamon type solution and the cPacket device can split traffic more evenly. The above article also includes a link at the bottom to the NIDS paper that Robin and Vern helped co-author.
-Mike
----- "mattern" <mattern at caltech.edu> wrote:
> We are currently in the process of deploying Bro on a 10gig network,
> and
> I am inquiring as to who of you out there have this setup or any
> incite
> as to what hardware should be utilized? My first thought was to use
> an
> appliance like a Gigamon to spread out the traffic to multiple
> workers.
> This being a costly item are there other avenues to use such as SPAN
> ports and the like?
>
> Thanks,
>
> --Blake
>
>
> --
> Blake Mattern
> Information Security
> California Institute of Technology
> 626-395-3512
> mattern at caltech.edu
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list