Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort on span port

From: Rich Adamson <radamson () routers com>
Date: Thu, 12 Aug 2004 00:23:29 -0600
If you dig into why some switches have issues with mirroring, you'll
find that at least some of these function well "if" the port to be
mirrored and the snort port are on the same chipset (internally) and
same card (no backplane involved). For example, many of the 24 port
switches on the market use an internal LSI chip that supports eight
ports (typically 1-8, 9-16, 17-24). Mirroring between ports 1 and
2 will likely be better then mirroring between 1 and 17, etc, etc.

------------------------

Newer Cisco switches are much better at SPAN ports. In fact all older 
equipment
by all vendors had issues. Newer equipment are much better, faster backplanes,
etc. Anyway, you can get arround this by using a hub.

Later,
Michael

----- Message from TKaroutsos () bcsc bc ca ---------    Date: Wed, 11 Aug 2004
16:47:29 -0700    From: TKaroutsos () bcsc bc.caReply-To: TKaroutsos () bcsc bc ca
Subject: Re: [Snort-users] Snort on span port      To: "Michael J. Pelletier"
<mjpelletier () mjpelletier com>


I sense that the direction is towards TAPs.
Our switches have limited SPAN capability and I suppose they represent the
market.




                      "Michael J. Pelletier"
                      <mjpelletier () mjpelletier com        To:       
snort-users () lists sourceforge net
                      >                                   cc:       
charles.heselton () gmail com
                      Sent by:                            Subject:  
Re: [Snort-users] Snort on span port
                      snort-users-admin () lists sour
                      ceforge.net


                      08/11/2004 16:09






Hello

The Cisco 5500 series switches have a bad rep for dropping packets on SPAN
ports. Unfortunetly, if everything is corretly configured and you still are
dropping packets you might try putting the IDS on a hub with the other
links.
This would eliminate the need for a SPAM port. Understand this is not the
best
way to do things but, it does get arround the 5500s problem with SPAM
ports.

Take Care,
Michael


/*******************************************/
UNIX is a very friendly OS. It is just picky
about who it makes friends with.
/*******************************************/

Disclaimer:
This electronic message, including any attachments, is confidential and
intended solely for use of the intended recipient(s). This message may
contain information that is privileged or otherwise protected from
disclosure by applicable law. Any unauthorized disclosure, dissemination,
use or reproduction is strictly prohibited. If you have received this
message in error, please delete it and notify the sender immediately.


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



----- End message from TKaroutsos () bcsc bc ca -----




/*******************************************/
UNIX is a very friendly OS. It is just picky
about who it makes friends with.
/*******************************************/

Disclaimer:
This electronic message, including any attachments, is confidential and 
intended solely for use of the intended recipient(s). This message may 
contain information that is privileged or otherwise protected from 
disclosure by applicable law. Any unauthorized disclosure, 
dissemination, use or reproduction is strictly prohibited. If you have 
received this message in error, please delete it and notify the sender 
immediately.



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


---------------End of Original Message-----------------




-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: