[Snort-users] Snort readng across switches?
mkettler at ...4108...
Mon Jan 26 14:01:08 EST 2004
At 11:44 AM 1/26/2004, M. Morgan wrote:
> I've noticed that my snort sensors, plugged into different places on
> cascaded cisco 2600 series switches are getting different readings. This
> leads me to believe that snort is only sensing traffic on the switch it
> is plugged into. Does it read across cascaded switches or must each
> switch have a snort node sniffing it?
By definition, switches don't forward traffic to nodes that don't need it..
Unless you've configured your switches with cascaded mirror ports, then no,
snort will NOT see traffic accross the switches.
Heck, without a mirror port, snort won't even see all the traffic for the
switch it's plugged into.
More information about the Snort-users