[Snort-users] Snort on switched network

Chuck Morford cmorford at ...3733...
Tue Oct 9 11:23:11 EDT 2001


Hi,
I'm running Snort on a mirrored port on my switched network and it seems to
be fine...

 I don't know why it would be a bad idea.

If your IDS box is attched to a non-mirrored switch port you're not getting
all the traffic, only what's on your segment.

Chuck Morford
Hostmaster, NCDOT

Ashley Thomas wrote:

> hi,
>
> It is a bad idea to run Snort (or any IDS for that matter) on a switched
> network, am i right ?
> Are there any work arounds ?
>
> thanks a lot
> ashley
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cmorford.vcf
Type: text/x-vcard
Size: 425 bytes
Desc: Card for Chuck Morford
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20011009/98d7b8ac/attachment.vcf>


More information about the Snort-users mailing list