[Snort-users] Can anyone recommend a small port-mirroring switch?

Martin Olsson elof at ...6680...
Wed Oct 6 08:00:11 EDT 2004


Thanks for the responses to my previous mail.


Ok, now I know of NetOptics taps, both the normal one that need a bond0 on
my snort machine and the "Port Aggressor" model that let me sniff using a
single NIC.

If we continue on the single NIC approach... Could anyone recommend a
small (and preferably cheap) switch that can mirror traffic?

All I need is three 100Mbps ports really:

  A----Switch----B
         |
       Snort

(I know that A+B will never (or very seldom) total more than 100Mbps)



I have only worked with "real" switches like Cisco Catalyst 3500, so I
have no frame of reference as to where to begin looking. I don't want to
buy cheap crappy stuff that overheat and die after a week.

What switch brand and model should I take a look at?

/Martin





More information about the Snort-users mailing list