[Snort-users] Port mirroring on 3com switch

Daniel A. Melo daniel at ...9462...
Fri Jun 13 14:10:11 EDT 2003


I'm using 3300 3com switches and they work fine sniffing all ports on a
mirror port.

-- 
Daniel A. Melo
Consultor em Segurança da Tecnologia da Informação
MCSO - Modulo Certified Security Officer


Em Sex, 2003-06-13 às 06:54, Erek Adams escreveu:
> On Thu, 12 Jun 2003, Petriz, Pablo wrote:
> 
> > My DMZ has now a hub and my Snort box is connected to this hub
> > monitoring all the traffic over there:
> 
> [...snip...]
> 
> > 2) I can't mirror *all* ports of a 3com switch to a sniff port,
> >    but i can mirror 1 port to a sniff port.
> 
> That would do it.  I'm just not sure about the 3com switches.  If they can
> mirror one port to another, you're done.
> 
> 
> > I've read something on the archives but, it's enough to mirror only
> > the port that connect the switch to the firewall to snort?
> 
> Right.
> 
> > I'll miss all the traffic btw the other machines connected to the
> > switch, but i'm still monitoring all the in/outs to/from the DMZ
> > Is that correct?
> 
> Right.
> 
> 
> [...snip...]
> 
> Cheers!
> 
> -----
> Erek Adams
> 
>    "When things get weird, the weird turn pro."   H.S. Thompson
> 
> 
> -------------------------------------------------------
> This SF.NET email is sponsored by: eBay
> Great deals on office technology -- on eBay now! Click here:
> http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users






More information about the Snort-users mailing list