Snort mailing list archives
Re: snort and tap ethernet
From: Mark.Schutzmann () Omron com
Date: Tue, 30 Mar 2004 09:27:28 -0600
If you are expecting to use port mirroring (RMON as 3Com calls it) on a
Superstack III 3300 switch, forget it. I had a case open with 3Com support
for a week trying to get it to work. Finally one of their higher-level
engineers told me that the built-in RMON capability is only good for
short-term analysis. They expect you to purchase an external tap for their
$hitty switches. The Cisco switches are designed with faster fabric and
monitoring in mind. Although performance will "degrade" it won't be as
severe or even noticable as it would on the 3Com and there are better
monitoring (port/vlan mirroring) options. Go with the Cisco and you'll
thank yourself later.
Regards,
Mark
"AJ Butcher, Information
Systems and Computing" To: Alessandro Fiorenzi <a.fiorenzi () infogroup it>,
snort-users
<Alex.Butcher () bristol ac uk> <snort-users () lists sourceforge net>
Sent by: cc:
snort-users-admin () lists sour Subject: Re: [Snort-users] snort and tap ethernet
ceforge.net
03/30/2004 02:02 AM
--On 30 March 2004 09:32 +0200 Alessandro Fiorenzi
<a.fiorenzi () infogroup it> wrote:
I was thinking to snort and taps when I have had a question. is better mirroring one port with 3com or cisco mirroring feature, having the two send and recive signals toghether, or is better to have passive tap ethernet with one port for send and one for recive signal?
It is not unknown for port spanning/mirroring to cause the performance of a switch to deteriorate noticeably. Also, depending on the switch in question, I gather it may not show you all the traffic (i.e. VLAN stuff).
Which are the best taps?
<http://www.finisar.com/nt/taps.php> would be my first port of call (formerly known as Shomiti).
Thanks in advance A.Fiorenzi
Best Regards, Alex. -- Alex Butcher: Security & Integrity, Personal Computer Systems Group Information Systems and Computing GPG Key ID: F9B27DC9 GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9 ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort and tap ethernet Alessandro Fiorenzi (Mar 29)
- Re: snort and tap ethernet AJ Butcher, Information Systems and Computing (Mar 30)
- Re: snort and tap ethernet Craig Paterson (Mar 30)
- <Possible follow-ups>
- Re: snort and tap ethernet Mark . Schutzmann (Mar 30)
- RE: snort and tap ethernet Spencer, Arthur (Mar 30)