[Snort-users] Port mirroring on 3com switch

Carlos Felix snort at ...8664...
Thu Jun 12 09:49:02 EDT 2003


Buy a Cisco or an HP ProCurve -

Carlos

Petriz, Pablo said:
> Hello snorters!
>
> My DMZ now has a hub and my Snort box is connected to this hub,
> monitoring all the traffic over there:
>
> external net----firewall----hub----DMZ
>                      |       |
>                    switch   snort
>                      |
>                   internal
>                     net
>
> I have to buy a switch to replace the hub and I want to get some good
> advice considering this:
>
> 1) The company has all 3com switches and wants another 3com switch
> 2) I can't mirror *all* ports of a 3com switch to a sniff port,
>    but I can mirror 1 port to a sniff port.
>
> I've read something in the archives, but is it enough to mirror only
> the port that connects the switch to the firewall to Snort?
>
> I'll miss all the traffic between the other machines connected to the
> switch, but I'm still monitoring all the ins/outs to/from the DMZ.
> Is that correct?
>
> Does anyone have this kind of port mirroring working on a 3com switch?
>
> Do I have to start thinking: "Why don't we buy a Cisco switch???"
>
> Thank you!
>
>
> PABLO