[Snort-users] Snort readng across switches?

Matt Kettler mkettler at ...4108...
Mon Jan 26 14:01:08 EST 2004


At 11:44 AM 1/26/2004, M. Morgan wrote:
>Hello all,
>  I've noticed that my snort sensors, plugged into different places on 
> cascaded cisco 2600 series switches are getting different readings. This 
> leads me to believe that snort is only sensing traffic on the switch it 
> is plugged into. Does it read across cascaded switches or must each 
> switch have a snort node sniffing it?

By definition, switches don't forward traffic to nodes that don't need it.. 
Unless you've configured your switches with cascaded mirror ports, then no, 
snort will NOT see traffic accross the switches.

Heck, without a mirror port, snort won't even see all the traffic for the 
switch it's plugged into.







More information about the Snort-users mailing list