[Snort-users] One sensor for three switches

Ross Sweetzir ross at ...12225...
Wed Aug 4 13:30:47 EDT 2004


You could create a monitoring VLAN on one switch, plug your monitoring
interfaces into this VLAN, and then use 100Bt or better yet a 1000Bt
NIC/ and GBIC to monitor all traffic on that VLAN.  Then you would only
need one NIC in your snort box.
If you need more help on the switch configuration let me know.  This
configuration does eat switch ports, but if you have them spare it might
be easier to manage than multiple NICS.   
 
-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Carlton L.
Whitmore
Sent: Wednesday, July 28, 2004 3:48 PM
To: Kreimendahl, Chad J; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] One sensor for three switches
 
Do I need to relaunch snort to get it to recognize the other NIC cards?
 
 
  _____  

From: Kreimendahl, Chad J [mailto:Chad.Kreimendahl at ...4716...] 
Sent: Thursday, July 22, 2004 9:40 AM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] One sensor for three switches
 
dual or quad interface NIC card.... or just additional NIC cards if
they'll fit.
 
  _____  

From: Carlton L. Whitmore [mailto:cwhitmore at ...12125...] 
Sent: Wednesday, July 21, 2004 2:32 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] One sensor for three switches
I have port 3 on my Catalyst 2950 switches monitoring the ports on each
switch. Is there a way to have one port monitor the traffic on other
switches?
I really don't want to setup a sensor for every switch.
Carlton.
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040804/1599af50/attachment.html>


More information about the Snort-users mailing list