[Snort-users] how to use snort in a switched environment

Erek Adams erek at ...950...
Wed May 14 07:13:02 EDT 2003

On Wed, 14 May 2003, Jeremy Rodriguez wrote:

> >From snort DOCS:
> Q: I'm on a switched network, can I still use Snort?
> A: Being able to sniff on a switched network depends on what type of
>    switch is being used.  If the switch can mirror traffic, then set
>    the switch to mirror all traffic to the snort machine's port.
> My question is that I have a Cisco WS-C2924-XL and I was wondering if anyone
> has used snort and these switches successfully.


2924's can be configed to use a SPAN port.  Just don't do that if you have
a high sustained traffic rate, else the switch will fall over and die.
Check Cisco's site for details on how to config a SPAN port on those.


Erek Adams

   Erek Adams

