[Snort-users] setting up a mirroring port at switch

Matt Yackley Matt.Yackley at ...5858...
Sat Apr 26 06:03:03 EDT 2003

Well two things.....

1. IMHO the alerts that would be generated just inside the firewall are much
more important that what is generated outside your firewall.  While I have
sensor outside of my firewall just so that I know what is hitting the
outside, the sensor inside, is the one that is really counts, since it's
only the traffic that makes it through the firewall that really matters.

2. Without any idea of what type of switches you have, no one can help you
with port-mirroring.  Also a quick check of your switch vendor's website or
the manual should tell you how to do it, if your switch has the ability to
do port mirroring or port spanning (it's called different things by
different vendors).


-----Original Message-----
From: smitha rao
To: snort-users at lists.sourceforge.net
Sent: 4/26/2003 5:36 AM
Subject: [Snort-users] setting up a mirroring port at switch

hi all,
I am testing snort in a machine which is connected to
a star topology LAN.My m/c is an end m/c ,to which all
the network traffic will not be redirected...I want my
snort to test all the traffic.I dont want to test it
on firewall m/c as it'll be similar as my nsort is
running outside the firewall..resulting in unwanted
I wanted to setup a mirroring port..How to set it up?
so that all traffic comes to my m/c..Do anybody have a
procedure to setup mirroring port at the switch level.
 plz help me..
                  thank you

Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.

This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list