[Snort-users] Cisco Catalyst - SNORT

Gary Flynn flynngn at ...6811...
Fri Jun 27 04:50:11 EDT 2003


Jeff Nathan wrote:


> But wait, it gets better.  Imagine having to copy that many frames from an 
> ordinary switch port to a SPAN port.  Two point eight million frames per 
> second!
> 
> I'm sure some Ethernet switches mirror traffic very well, but upon further 
> investigation I believe it would be stretching the truth to say there is no 
> performance degradation in doing so.


I'm not saying the switch works this way but if the packets are on a bus
and configuring a span port just means telling the port to grab anything
on the bus, it would seem there would be no performance hit.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe





More information about the Snort-users mailing list