Snort mailing list archives
Re: Span/Snoop ports...
From: Paul Halliday <paul.halliday () gmail com>
Date: Fri, 18 Mar 2005 10:05:10 -0400
Marc, There are a few solutions: 1) Buy a TAP http://www.netoptics.com <- One of many. Hardware TAPS can be quite expensive. In some cases you may be better off spending the money on a switch that has a span port. 2) Physically tap the line with a *nix box. For example you could have two NICS just forwarding the traffic and tap into that. Latency *might* be an issue depending on your setup. You can do some fancy stuff with PF, for exampe dup to another (sensor) machine. 3) Build your own TAP. http://www.snort.org/docs/tap <- Mileage may vary. Good luck. On Fri, 18 Mar 2005 08:31:19 -0500, Marc Hering <mhering () reval com> wrote:
Hey Guys, I just deployed a Snort box to one of our data centers...and I ran into a bit of a snafu. We have a 2948G-L3 switch and want to snort on it. The problem is that a L3 switch doesn't suppprt a snoop port...Has anyone found a way around this? Thanks!
On Fri, 18 Mar 2005 08:31:19 -0500, Marc Hering <mhering () reval com> wrote:
Hey Guys, I just deployed a Snort box to one of our data centers...and I ran into a bit of a snafu. We have a 2948G-L3 switch and want to snort on it. The problem is that a L3 switch doesn't suppprt a snoop port...Has anyone found a way around this? Thanks!
-- _________________ Paul Halliday http://dp.penix.org "Diplomacy is the art of saying "Nice doggie!" till you can find a rock." ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Span/Snoop ports... Marc Hering (Mar 18)
- Re: Span/Snoop ports... Paul Halliday (Mar 18)
- Re: Span/Snoop ports... Ulric Eriksson (Mar 18)
- RE: Span/Snoop ports... Lee Clemens (Mar 18)
- Re: Span/Snoop ports... Skip Carter (Mar 18)
- <Possible follow-ups>
- RE: Span/Snoop ports... Richard Bejtlich (Mar 18)
- RE: Span/Snoop ports... Snort (Mar 21)