[Snort-users] Snort in a switched environment

Bruno Taranto bruno at ...5646...
Wed May 15 08:57:05 EDT 2002


u can do that:

  INET
     |
ROUTER
     |
 HUB --------- SNORT
     |
SWITCH
     |
COMPANY

:-)

its simple... but work!

___________________________________
Internet Security Services
HISS, Inc.
Bruno Taranto
phone: +55 21 2221-2180
phone: +55 21 2508-0505 r.741
phone/fax: +55 21 2232-6209
email: bruno at ...5646...
corporate site: http://www.hiss.com.br
security portal: http://www.hacker.com.br
___________________________________



----- Original Message -----
From: "Matt Yackley" <Matt.Yackley at ...5858...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, May 14, 2002 12:41 PM
Subject: RE: [Snort-users] Snort in a switched environment


> The trouble with a switch is that it stores MAC address in a table for
each
> port and will only send data to the specific port that is the destination,
> the execptions are broadcast traffic and perhaps when a new device is
placed
> on the network.  A way around the problem is if the switch handles port
> mirroring, you can mirror traffic from selected ports to a port that you
> specfiy as the monitoring port.  Check the user manual that came with the
> switch to see if it supports port mirroring.
>
> Matt
>
> -----Original Message-----
> From: Bastian Ballmann [mailto:ballmann at ...3190...]
> Sent: Tuesday, May 14, 2002 10:20 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort in a switched environment
>
>
> Hello!
> Is it possible to run Snort in a switched environment? Cause Snort can
only
> sniff the traffic of the host he is running on. Unless he is doing
something
>
> like ARP poisoning or something like this...
> But I think this would lead into trouble if you run the arpspoof
> preprocessor
> ;)
> Greets
>
> Bastian Ballmann
> --
> Bastian Ballmann [ ballmann at ...3190... ]
> @ Computational Design GmbH
> [ http://www.co-de.de ]
>
> _______________________________________________________________
>
> Have big pipes? SourceForge.net is looking for download mirrors. We supply
> the hardware. You get the recognition. Email Us: bandwidth at ...382...
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> _______________________________________________________________
>
> Have big pipes? SourceForge.net is looking for download mirrors. We supply
> the hardware. You get the recognition. Email Us: bandwidth at ...382...
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>






More information about the Snort-users mailing list