[Snort-users] Port mirroring on 3com switch

Petriz, Pablo ppetriz at ...3815...
Thu Jun 12 08:21:14 EDT 2003


Hello snorters!

My DMZ now has a hub, and my Snort box is connected to this hub,
monitoring all the traffic over there:

external net----firewall----hub----DMZ
                     |       |
                   switch   snort
                     |
                  internal
                    net

I have to buy a switch to replace the hub and I want to get some good
advice considering this:

1) The company has all 3com switches and wants another 3com switch
2) I can't mirror *all* ports of a 3com switch to a sniff port,
   but I can mirror 1 port to a sniff port.

I've read something in the archives, but is it enough to mirror only
the port that connects the switch to the firewall to Snort?

I'll miss all the traffic between the other machines connected to the
switch, but I'm still monitoring all the in/outs to/from the DMZ.
Is that correct?

Does anyone have this kind of port mirroring working on a 3com switch?

Do I have to start thinking: "Why don't we buy a Cisco switch???"

Thank you!


PABLO




