Snort mailing list archives
Re: Snort readng across switches?
From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 26 Jan 2004 16:56:56 -0500
At 11:44 AM 1/26/2004, M. Morgan wrote:
Hello all,I've noticed that my snort sensors, plugged into different places on cascaded cisco 2600 series switches are getting different readings. This leads me to believe that snort is only sensing traffic on the switch it is plugged into. Does it read across cascaded switches or must each switch have a snort node sniffing it?
By definition, switches don't forward traffic to nodes that don't need it.. Unless you've configured your switches with cascaded mirror ports, then no, snort will NOT see traffic accross the switches.
Heck, without a mirror port, snort won't even see all the traffic for the switch it's plugged into.
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort readng across switches? M. Morgan (Jan 26)
- Message not available
- Re: Snort readng across switches? Matt Kettler (Jan 26)
- Message not available
- <Possible follow-ups>
- RE: Snort readng across switches? SN ORT (Jan 27)