Snort mailing list archives

Re: snort placement

From: neptuna <neptuna () neptuna org>
Date: 05 Aug 2002 05:30:04 -0400


<If it's really a switch, you should only see traffic to and from that
port on the switch.  You should see if it is possible for you to set up
mirroring on the switch, otherwise put Snort on the router/FW (get a
cheap x86 box) monitoring your internal interface.>

Yes, i believe that is what was happening.

      
< The best way would be to get a tap (I know, you probably don't care to
spend that much on a home IDS system. Can anybody guess how much a cheap
tap would cost for this?) or a hub and set it up like this:

CM -- Router/FW/Snort -- Switch 
       \                                                 
         \ _ Snort


What is a tap? Not sure  I understand the above diagram. where does the
hub come in.





-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort placement neptuna (Aug 04)
- Re: snort placement Christopher Cook (Aug 04)
  - Re: snort placement neptuna (Aug 04)
    - Re: snort placement Nicholas Bachmann (Aug 04)
    - Re: snort placement David Yip (Aug 04)
    - Re: snort placement Christopher Cook (Aug 04)
    - Re: snort placement neptuna (Aug 04)
    - Re: snort placement Andreas Östling (Aug 04)
    - Re: snort placement neptuna (Aug 04)
    - Re: snort placement Christopher Cook (Aug 04)
    - Re: snort placement neptuna (Aug 04)
- Re: snort placement J. Craig Woods (Aug 04)
  - Re: snort placement neptuna (Aug 04)
- <Possible follow-ups>
- Re: snort placement Subba Rao (Aug 05)
  - Re: snort placement neptuna (Aug 05)