[Snort-users] how to use snort in a switched environment

Les Addison laddison at ...9176...
Wed May 14 07:35:15 EDT 2003

The Cisco 2924 does support port monitoring. The limitation is that you will have a 10/100 Mbps port attempting to monitor/mirror some number (potentially 23 in your case) of other 10/100 Mbps ports. Obviously, if any of the other ports is running at capacity then the monitor port will not be able to keep up and traffic will be dropped by the switch. So to use port monitoring the selection of which ports to monitor/mirror must be carefully watched to verify that you are not overloading the monitor port capacity and losing too much traffic.

Leslie Addison
Firewall/Security Administrator
Morpace International, Inc.
(248) 737-5315 x404


>>> "Jeremy Rodriguez" <jeremyrodriguez at ...8471...> 05/14/03 08:40AM >>>
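The capacity check described in the message above can be done from two readings of each mirrored port's octet counters. The following is an added example, not part of the original post: the port names and counter values are constructed, and it assumes 32-bit counters and that both the receive and transmit directions of each port are mirrored.

```python
"""Estimate whether a set of mirrored switch ports oversubscribes the monitor port.

All port names and counter readings below are constructed sample data.
"""

COUNTER_MAX = 2**32                  # assumption: 32-bit octet counters
MONITOR_CAPACITY_BPS = 100_000_000   # 100 Mbps monitor port, as in the message


def octet_delta(first, second):
    """Difference between two counter readings, tolerating a single wrap."""
    return (second - first) % COUNTER_MAX


def port_rate_bps(sample_a, sample_b, interval_s):
    """Mirrored load from one port: received plus transmitted bits per second."""
    rx = octet_delta(sample_a["in"], sample_b["in"])
    tx = octet_delta(sample_a["out"], sample_b["out"])
    return (rx + tx) * 8 / interval_s


def assess(samples_a, samples_b, interval_s, capacity_bps=MONITOR_CAPACITY_BPS):
    """Return (total_bps, utilisation, per-port rates sorted busiest first)."""
    rates = {p: port_rate_bps(samples_a[p], samples_b[p], interval_s)
             for p in samples_a}
    total = sum(rates.values())
    ranked = sorted(rates.items(), key=lambda kv: kv[1], reverse=True)
    return total, total / capacity_bps, ranked


# Constructed readings taken 10 seconds apart.
T0 = {
    "Fa0/1": {"in": 1_000_000, "out": 2_000_000},
    "Fa0/2": {"in": 4_294_000_000, "out": 500_000},   # "in" wraps before T1
    "Fa0/3": {"in": 0, "out": 0},
}
T1 = {
    "Fa0/1": {"in": 51_000_000, "out": 27_000_000},
    "Fa0/2": {"in": 33_032_704, "out": 25_500_000},
    "Fa0/3": {"in": 1_250_000, "out": 1_250_000},
}

if __name__ == "__main__":
    total, util, ranked = assess(T0, T1, 10)
    print(f"offered mirror load: {total / 1e6:.1f} Mbps ({util:.0%} of monitor port)")
    for port, bps in ranked:
        print(f"  {port}: {bps / 1e6:.1f} Mbps")
    if util > 1:
        print("monitor port oversubscribed: the switch will drop mirrored traffic")
```

These are averages over the sampling interval, so short bursts can still exceed the monitor port's capacity even when the average fits; the ranked list shows which ports to drop from the mirror set first.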
