[Snort-users] Can anyone recommend a small port-mirroring switch?

Eric Hines eric.hines at ...8860...
Wed Oct 6 09:21:14 EDT 2004


Can you help me understand as to why you would purchase a switch capable of
doing port mirroring? The reason people implement Taps most often than not
is to eliminate the need to do port mirroring, which degrades the
performance of your switch. 


Best Regards,

Eric Hines, GCIA, CISSP
Applied Watch Technologies, Inc.
Direct: (877) 262-7593 x327
1134 N. Main St.
Algonquin, IL 60102 

-----Original Message-----
From: Martin Olsson [mailto:elof at ...6680...] 
Sent: Wednesday, October 06, 2004 9:58 AM
To: snort-users mailinglist
Subject: [Snort-users] Can anyone recommend a small port-mirroring switch?

Thanks for the responses to my previous mail.

Ok, now I know of NetOptics taps, both the normal one that need a bond0 on
my snort machine and the "Port Aggressor" model that let me sniff using a
single NIC.

If we continue on the single NIC approach... Could anyone recommend a small
(and preferably cheap) switch that can mirror traffic?

All I need is three 100Mbps ports really:


(I know that A+B will never (or very seldom) total more than 100Mbps)

I have only worked with "real" switches like Cisco Catalyst 3500, so I have
no frame of reference as to where to begin looking. I don't want to buy
cheap crappy stuff that overheat and die after a week.

What switch brand and model should I take a look at?


This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use
IT products in your business? Tell us what you think of them. Give us Your
Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list