Re: Snort sniffer in Switch network enviornment.

["Marc Quibell" <mquibell () fbfs com>]

Actually, wouldn't it be cool to be able to see ALL the traffic on ALL the
ports, but it just ain't possible in a switched network unless you span ALL
ports on a cisco switch, risking a severe network slow-down. ANd even then, all
the ports have to be in the same VLAN. Go back to hubs! :)-

Marc





--Original Message follows--
Message: 4
Subject: Re: [Snort-users] Snort sniffer in Switch network enviornment.
From: "Jade E. Deane" <jade.deane () riven net>
To: Sam Wun <sam.wun () thales-is com>
Cc: snort-users () lists sourceforge net
Date: 20 Aug 2003 17:19:24 -0500


--=-yQqiA3QHqpUZg4M4vgfE
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

This depends on your switch and software.  I suggest you research "port
span" if you have a Cisco Catalyst.

Regards,
Jade

On Tue, 2003-08-19 at 23:19, Sam Wun wrote:
> Dear all,
> =20
> How can I make Snort sniff all packets in a switch network enivironemtn?
> May be there is some special Cisco Switch has special port allow it to=20
> record all packets of the network?
> =20
> Thanks
> sam




-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users