[Snort-users] Port mirroring on 3com switch
ppetriz at ...3815...
Thu Jun 12 08:21:14 EDT 2003
My DMZ has now a hub and my Snort box is connected to this hub
monitoring all the traffic over there:
I have to buy a switch to replace the hub and i want to get a good
advice considering this:
1) The company has all 3com switchs and want another 3com switch
2) I can't mirror *all* ports of a 3com switch to a sniff port,
but i can mirror 1 port to a sniff port.
I've read something on the archives but, it's enough to mirror only
the port that connect the switch to the firewall to snort?
I'll miss all the traffic btw the other machines connected to the
switch, but i'm still monitoring all the in/outs to/from the DMZ
Is that correct?
Do someone has this kind of port mirroring working on a 3com switch?
Do i have to start thinking: "Why don't we buy a Cisco switch???"
More information about the Snort-users