SNORT or NTOP would be good for the particular needs. Using a SPAN port on your uplink to a passive squid server won't work, because it's TCP, and requires a handshake. Scott -----Original Message----- From: Dave Rhodes [mailto:DaveRhodes@xxxxxxxxxx] Sent: Tuesday, April 17, 2007 3:23 PM To: Amos Jeffries; list@xxxxxxxxxxxxxxxxx; squid-users@xxxxxxxxxxxxxxx Subject: RE: Squid and Mirrored Router Ports Ed, are you sure your management doesn't mean SNORT? I think that's what your looking for. It's a pretty good IDS system. Squid's pretty serial in nature... What goes in must come out kind of thing. SNORT sits on your backbone and passively monitors/records traffic. Dave
