Snort mailing list archives
Re: how to use snort in a switched environment
From: Erek Adams <erek () snort org>
Date: Wed, 14 May 2003 10:11:53 -0400 (EDT)
On Wed, 14 May 2003, Jeremy Rodriguez wrote:
From snort DOCS:Q: I'm on a switched network, can I still use Snort? A: Being able to sniff on a switched network depends on what type of switch is being used. If the switch can mirror traffic, then set the switch to mirror all traffic to the snort machine's port. My question is that I have a Cisco WS-C2924-XL and I was wondering if anyone has used snort and these switches successfully.
[...snip...] 2924's can be configed to use a SPAN port. Just don't do that if you have a high sustained traffic rate, else the switch will fall over and die. Check Cisco's site for details on how to config a SPAN port on those. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara The only event dedicated to issues related to Linux enterprise solutions www.enterpriselinuxforum.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- how to use snort in a switched environment Jeremy Rodriguez (May 14)
- Re: how to use snort in a switched environment Erek Adams (May 14)
- Re: how to use snort in a switched environment Carlos Felix (May 14)
- Message not available
- RE: how to use snort in a switched environment Carlos Felix (May 14)
- Message not available
- Re: how to use snort in a switched environment Carlos Felix (May 14)
- <Possible follow-ups>
- Re: how to use snort in a switched environment Les Addison (May 14)
- Re: how to use snort in a switched environment Matt Schillinger (May 14)