[Snort-users] Port mirroring on 3com switch
snort at ...8664...
Thu Jun 12 09:49:02 EDT 2003
Buy a Cisco or an HP ProCurve -
Petriz, Pablo said:
> Hello snorters!
> My DMZ has now a hub and my Snort box is connected to this hub
> monitoring all the traffic over there:
> external net----firewall----hub----DMZ
> | |
> switch snort
> I have to buy a switch to replace the hub and i want to get a good
> advice considering this:
> 1) The company has all 3com switchs and want another 3com switch
> 2) I can't mirror *all* ports of a 3com switch to a sniff port,
> but i can mirror 1 port to a sniff port.
> I've read something on the archives but, it's enough to mirror only
> the port that connect the switch to the firewall to snort?
> I'll miss all the traffic btw the other machines connected to the
> switch, but i'm still monitoring all the in/outs to/from the DMZ
> Is that correct?
> Do someone has this kind of port mirroring working on a 3com switch?
> Do i have to start thinking: "Why don't we buy a Cisco switch???"
> Thank you!
> This SF.NET email is sponsored by: eBay
> Great deals on office technology -- on eBay now! Click here:
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users