Snort mailing list archives

Re: Span/Snoop ports...


From: Skip Carter <skip () mira taygeta com>
Date: Fri, 18 Mar 2005 15:08:46 -0800


I just deployed a Snort box to one of our data centers...and I ran into
a bit of a snafu.  We have a 2948G-L3 switch and want to snort on it.
The problem is that an L3 switch doesn't support a snoop port...Has
anyone found a way around this?

  Depending upon your setup (and budget) a network tap might work.

  We use them here with our portable IDS which is temporarily deployed
  in client networks and we can't always know what type of switch setup
  they might have.



Skip




-- 
 Dr. Everett (Skip) Carter           Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Network Security Services   email: skip () taygeta net
 1340 Munras Ave., Suite 314         WWW: http://www.taygeta.net/
 Monterey, CA. 93940            










