[Snort-users] Snort on switched network

Mike Shaw mshaw at ...3165...
Tue Oct 9 11:51:12 EDT 2001

As long as your switch is manageable, not bad at all.

Run the port in "mirrored", "monitored", or "span" mode.  The term depends 
on the make/model.  In really big switches or very complex environments, 
you *sometimes* have to watch out for a performance hit, but that's very rare.


At 02:06 PM 10/9/2001 -0400, Ashley Thomas wrote:
>It is a bad idea to run Snort (or any IDS for that matter) on a switched
>network, am i right ?
>Are there any work arounds ?
>thanks a lot
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:

More information about the Snort-users mailing list