[Snort-users] Can anyone recommend a small port-mirroring switch?
elof at ...6680...
Wed Oct 6 11:47:05 EDT 2004
The reason to buy a small swith instead of bying a tap is that a switch
is much cheaper than a "single NIC tap".
It seems like you even can get a switch with one or two gigabit ports for
a low cost, then you should be able to mirror both directions of a 100Mbps
port to a 1Gbps port without any problem (100M + 100M < 1G).
In Sweden, a "single NIC tap" costs 12000 SEK ($1700) while a small switch
costs ~ 2500 SEK ($350).
There you have your reason. :-)
The environment where this particular snort is to be located isn't
important enough to spend those extra $1350 for the tap.
On Wed, 6 Oct 2004, Eric Hines wrote:
> Can you help me understand as to why you would purchase a switch capable of
> doing port mirroring? The reason people implement Taps most often than not
> is to eliminate the need to do port mirroring, which degrades the
> performance of your switch.
> Best Regards,
> Eric Hines, GCIA, CISSP
> Applied Watch Technologies, Inc.
> Direct: (877) 262-7593 x327
> 1134 N. Main St.
> Algonquin, IL 60102
> -----Original Message-----
> From: Martin Olsson [mailto:elof at ...6680...]
> Sent: Wednesday, October 06, 2004 9:58 AM
> To: snort-users mailinglist
> Subject: [Snort-users] Can anyone recommend a small port-mirroring switch?
> Thanks for the responses to my previous mail.
> Ok, now I know of NetOptics taps, both the normal one that need a bond0 on
> my snort machine and the "Port Aggressor" model that let me sniff using a
> single NIC.
> If we continue on the single NIC approach... Could anyone recommend a small
> (and preferably cheap) switch that can mirror traffic?
> All I need is three 100Mbps ports really:
> (I know that A+B will never (or very seldom) total more than 100Mbps)
> I have only worked with "real" switches like Cisco Catalyst 3500, so I have
> no frame of reference as to where to begin looking. I don't want to buy
> cheap crappy stuff that overheat and die after a week.
> What switch brand and model should I take a look at?
> This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use
> IT products in your business? Tell us what you think of them. Give us Your
> Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users