Snort mailing list archives

Re: Port mirroring on 3com switch


From: Erek Adams <erek () snort org>
Date: Fri, 13 Jun 2003 05:54:06 -0400 (EDT)

On Thu, 12 Jun 2003, Petriz, Pablo wrote:

My DMZ now has a hub and my Snort box is connected to this hub,
monitoring all the traffic over there:

[...snip...]

2) I can't mirror *all* ports of a 3com switch to a sniff port,
   but I can mirror 1 port to a sniff port.

That would do it.  I'm just not sure about the 3com switches.  If they can
mirror one port to another, you're done.


I've read something on the archives, but is it enough to mirror only
the port that connects the switch to the firewall to Snort?

Right.

I'll miss all the traffic btw the other machines connected to the
switch, but I'm still monitoring all the in/outs to/from the DMZ.
Is that correct?

Right.


[...snip...]

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

