[Snort-users] Snort in a switched environment

counter.spy at ...348... counter.spy at ...348...
Tue May 14 09:51:03 EDT 2002

solution a: port mirroring 
drawback: switch performance degration, packet loss at high network
(full duplex bandwidth sums up to 200Mbit/s max per port)

solution b: see attached picture (may be copied and distributed for non
commercial purposes only) 

>-----Original Message-----
>From: Bastian Ballmann [mailto:ballmann at ...3190...]
>Sent: Tuesday, May 14, 2002 10:20 AM
>To: snort-users at lists.sourceforge.net
>Subject: [Snort-users] Snort in a switched environment

>Is it possible to run Snort in a switched environment? Cause Snort can only

>sniff the traffic of the host he is running on. Unless he is doing
>like ARP poisoning or something like this...
>But I think this would lead into trouble if you run the arpspoof
>Bastian Ballmann
>Bastian Ballmann [ ballmann at ...3190... ]
>@ Computational Design GmbH
>[ http://www.co-de.de ]

GMX - Die Kommunikationsplattform im Internet.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Taps&Switches.gif
Type: image/gif
Size: 43949 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020514/ec1b3a45/attachment.gif>

More information about the Snort-users mailing list