Snort mailing list archives
Re: Port Mirroring
From: Scott Link <linksg () slu edu>
Date: Tue, 6 Dec 2016 19:33:17 -0600
If this is for a home lab, Microtik makes an affordable router/switch that works pretty well. I'm using an RB750GL and it's been sufficient. I'm mirroring ports (wireless AP and a couple of wired devices) to a monitor port feeding an Intel NUC running Security Onion. It was $60 well spent, I think. It's the gateway for my internal networks before connecting to the ISP's modem/gateway. (I've used it with Charter and ATT UVerse...) On Tue, Dec 6, 2016 at 7:25 PM, Ryan Shuck <rshuck () gmail com> wrote:
All passive taps like those listed above will not work with 1000M connections, they will only work with 100M. There are cheap linksys switches with port mirroring capability that can be had for under $100. On Tue, Dec 6, 2016 at 8:00 PM, Michael Steele <michaels () winsnort com> wrote:If you want to have some fun building a rather unique tap, or buy one: https://greatscottgadgets.com/throwingstar/ Kindest regards, Michael... WINSNORT.com Management -- ****************** Established ~ 2001 ******************* * Visit Us @ http://www.winsnort.com * * ~~ FREE WinIDS Snort installation guides ~~ * * ~~ FREE support forums ~~ * * Snort: Open Source Network IDS - http://www.snort.org * ********************************************************* *From:* Russ [mailto:rucombs () cisco com] *Sent:* Tuesday, December 6, 2016 12:17 PM *To:* snort-users () lists sourceforge net *Subject:* Re: [Snort-users] Port Mirroring These are cheap and work well: http://www.dual-comm.com/port-mirroring-LAN_switch.htm On 12/6/16 12:08 PM, Michael Steele wrote: http://www.winsnort.com/tutorials/article/12-how-to-create- and-install-a-passive-ethernet-tap/ Kindest regards, Michael... WINSNORT.com Management -- ****************** Established ~ 2001 ******************* * Visit Us @ http://www.winsnort.com * * ~~ FREE WinIDS Snort installation guides ~~ * * ~~ FREE support forums ~~ * * Snort: Open Source Network IDS - http://www.snort.org * ********************************************************* *From:* Justin Pederson [mailto:jpedersm () gmail com <jpedersm () gmail com>] *Sent:* Tuesday, December 6, 2016 9:44 AM *To:* snort-users mailinglist <snort-users () lists sourceforge net> <snort-users () lists sourceforge net> *Subject:* [Snort-users] Port Mirroring What are you guys doing to Mirror Ports. I was going to use my wireless router I got from the ISP but I found out last night this can not be done with it. I do have a 2950 and 2960 switch that I can setup mirroring on but you rather not have them running in my office constantly. Any idea on what the difference between a hub and network tap will be? If the network tap is the way to go any idea on some have way decent ones for a home lab? ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------ ------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!------------------------------------------------------------ ------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
-- Scott Link | Manager - Security Operations | Saint Louis University <http://www.slu.edu> 3545 Lindell Boulevard, The Marvin and Harlene Wool Center | T 314-977-9713 <314-977-3471> [image: www.slu.edu] <http://www.slu.edu>
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Port Mirroring Justin Pederson (Dec 06)
- Re: Port Mirroring Michael Steele (Dec 06)
- Re: Port Mirroring Russ (Dec 06)
- Re: Port Mirroring Michael Steele (Dec 06)
- Re: Port Mirroring Ryan Shuck (Dec 06)
- Re: Port Mirroring Scott Link (Dec 06)
- Re: Port Mirroring Russ (Dec 06)
- Re: Port Mirroring Michael Steele (Dec 06)
- Re: Port Mirroring Justin Pederson (Dec 07)