[Snort-users] how to use snort in a switched environment
erek at ...950...
Wed May 14 07:13:02 EDT 2003
On Wed, 14 May 2003, Jeremy Rodriguez wrote:
> >From snort DOCS:
> Q: I'm on a switched network, can I still use Snort?
> A: Being able to sniff on a switched network depends on what type of
> switch is being used. If the switch can mirror traffic, then set
> the switch to mirror all traffic to the snort machine's port.
> My question is that I have a Cisco WS-C2924-XL and I was wondering if anyone
> has used snort and these switches successfully.
2924's can be configed to use a SPAN port. Just don't do that if you have
a high sustained traffic rate, else the switch will fall over and die.
Check Cisco's site for details on how to config a SPAN port on those.
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users