[Snort-users] how to use snort in a switched environment

Erek Adams erek at ...950...
Wed May 14 07:13:02 EDT 2003


On Wed, 14 May 2003, Jeremy Rodriguez wrote:

> >From snort DOCS:
> Q: I'm on a switched network, can I still use Snort?
>
> A: Being able to sniff on a switched network depends on what type of
>    switch is being used.  If the switch can mirror traffic, then set
>    the switch to mirror all traffic to the snort machine's port.
>
> My question is that I have a Cisco WS-C2924-XL and I was wondering if anyone
> has used snort and these switches successfully.

[...snip...]

2924's can be configed to use a SPAN port.  Just don't do that if you have
a high sustained traffic rate, else the switch will fall over and die.
Check Cisco's site for details on how to config a SPAN port on those.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list