Snort mailing list archives
RE: Port mirroring on 3com switch
From: "Jose Fernandes (IT)" <it-j-fernandes () ptinovacao pt>
Date: Thu, 12 Jun 2003 18:09:49 +0100
My advice is: buy an ethernet TAP and put it btw the firewall and the switch. That way you'll have a non intrusive sensor, and you will monitor the link btw firewall and the switch. Network Taps: http://www.networkintrusion.co.uk/taps.htm Note: Supposing that you are "afraid" of attacks coming from the external net...... -----Original Message----- From: Petriz, Pablo [mailto:ppetriz () siscat com ar] Sent: Quinta-feira, 12 de Junho de 2003 16:17 To: 'snort-users () lists sourceforge net' Subject: [Snort-users] Port mirroring on 3com switch Hello snorters! My DMZ has now a hub and my Snort box is connected to this hub monitoring all the traffic over there: external net----firewall----hub----DMZ | | switch snort | internal net I have to buy a switch to replace the hub and i want to get a good advice considering this: 1) The company has all 3com switchs and want another 3com switch 2) I can't mirror *all* ports of a 3com switch to a sniff port, but i can mirror 1 port to a sniff port. I've read something on the archives but, it's enough to mirror only the port that connect the switch to the firewall to snort? I'll miss all the traffic btw the other machines connected to the switch, but i'm still monitoring all the in/outs to/from the DMZ Is that correct? Do someone has this kind of port mirroring working on a 3com switch? Do i have to start thinking: "Why don't we buy a Cisco switch???" Thank you! PABLO ------------------------------------------------------- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Port mirroring on 3com switch Petriz, Pablo (Jun 12)
- Re: Port mirroring on 3com switch Carlos Felix (Jun 12)
- Re: Port mirroring on 3com switch Erek Adams (Jun 13)
- Re: Port mirroring on 3com switch Daniel A. Melo (Jun 13)
- <Possible follow-ups>
- RE: Port mirroring on 3com switch Jose Fernandes (IT) (Jun 12)