[Snort-users] snort placement

neptuna neptuna at ...6520...
Sun Aug 4 14:23:02 EDT 2002


<If it's really a switch, you should only see traffic to and from that
port on the switch.  You should see if it is possible for you to set up
mirroring on the switch, otherwise put Snort on the router/FW (get a
cheap x86 box) monitoring your internal interface.>

Yes, i believe that is what was happening.

      
< The best way would be to get a tap (I know, you probably don't care to
spend that much on a home IDS system. Can anybody guess how much a cheap
tap would cost for this?) or a hub and set it up like this:

CM -- Router/FW/Snort -- Switch 
       \                                                 
         \ _ Snort 
>

What is a tap? Not sure  I understand the above diagram. where does the
hub come in.







More information about the Snort-users mailing list