Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Snort in a switched environment

From: counter.spy () gmx de
Date: Tue, 14 May 2002 18:50:21 +0200 (MEST)
solution a: port mirroring 
drawback: switch performance degration, packet loss at high network
utilization
(full duplex bandwidth sums up to 200Mbit/s max per port)

solution b: see attached picture (may be copied and distributed for non
commercial purposes only) 



-----Original Message-----
From: Bastian Ballmann [mailto:ballmann () co-de de]
Sent: Tuesday, May 14, 2002 10:20 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort in a switched environment



Hello!

Is it possible to run Snort in a switched environment? Cause Snort can only



sniff the traffic of the host he is running on. Unless he is doing

something


like ARP poisoning or something like this...
But I think this would lead into trouble if you run the arpspoof
preprocessor 
;)
Greets

Bastian Ballmann
-- 
Bastian Ballmann [ ballmann () co-de de ]
@ Computational Design GmbH
[ http://www.co-de.de ]



-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net

Previous By Date Next
Previous By Thread Next

Current thread: