Snort mailing list archives

SPAN groups and network taps


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Wed, 20 May 2009 16:31:41 -0600

Hi,

I'm currently using Snort with a SPAN group on a Cisco 6500 switch to one port, and I'm contemplating whether or not 
this is sufficient.

For those Cisco experts out there, what's the limitation regarding egress mirroring on the 6500?  Is it 1 per switch, 
or 1 per port span group?  I've got 4 main ports I want to mirror all the traffic to inspect with Snort, and ideally 
I'd like to see BOTH directions of all traffic.  I'm also capturing all traffic with Daemonlogger on the Snort boxes 
and keeping that around a week or so to help with incident response.  I'd like to see both sides of the traffic there 
too.

Any suggestions for network taps?  I guess depending on the answer to my question above, it will dictate how I approach 
the network tap configuration, or maybe multiple NICs on the Snort machine itself and still utilize SPAN ports/groups.

The taps at http://www.datacomsystems.com/ seem interesting...

Thanks,
Shawn
