[Snort-users] Hardware Questions

Rich Adamson radamson at ...2127...
Wed May 22 06:13:06 EDT 2002


> 1) When using a switch to aggregate traffic from a copper tap to a monitored port for snort to 
sniff off. I am looking for the LEAST expense
> switch of other device to do this job, can anyone make suggestions as to any inexpensive 
switches that will perform this function? What is
> everyone using that works?

Just about any "managable" switch has port mirroring capability. I happen
to like the Cisco 2924 (etc) series, however there are many others.

> 2) Second, I did some google searches the other day and was unsuccessful in location the most 
basic of devices, I guess no one makes them
> anymore. Does anyone know of a company that still makes a PASSIVE (non powered) ethernet 
(RJ45) hub (say 3-4 ports)? This used to be a
> common device 10-15 years  but seems impossible to find now.

We carry around the NetGear DS104 10/100 hub. Its inexpensive but sometimes
rather hard to find. Think I seen them at CompUSA lately. The only issue to
watch out for is the box functions as a switch in some cases (certain ports
running at 10meg when another port is running at 100meg). Price was something
like $35.

Don't know of anyone that makes a functional "non-powered" hub. In theory
it's not possible without impacting the electrical characteristics of the
attached NIC adapters.





More information about the Snort-users mailing list