[Snort-users] Can anyone recommend a small port-mirroring switch?

Jay Archibald ll_vectra at ...131...
Thu Oct 14 06:13:31 EDT 2004


Martin,

I would recommend a Cisco 2950 series switch.  You can
set up a span port that mirrors one or multiple ports
both directions.  Most cheap managed switches only
mirror one direction.  

The 2950 series switches cost about the same as most
managed switches and have good performace and you are
still in the "REAL SWITCH" world.  Cisco has a
lifetime warranty and will replace them without a
support contract if they fail.

We use the 2950T switch (2 copper Gig ports) for our
snort sensors.

Regards,

Jay Archibald


-----Original Message-----
From: Martin Olsson [mailto:elof at ...6680...]
Sent: Wednesday, October 06, 2004 8:58 AM
To: snort-users mailinglist
Subject: [Snort-users] Can anyone recommend a small
port-mirroring
switch?



Thanks for the responses to my previous mail.


Ok, now I know of NetOptics taps, both the normal one
that need a bond0 on
my snort machine and the "Port Aggressor" model that
let me sniff using a
single NIC.

If we continue on the single NIC approach... Could
anyone recommend a
small (and preferably cheap) switch that can mirror
traffic?

All I need is three 100Mbps ports really:

  A----Switch----B
         |
       Snort

(I know that A+B will never (or very seldom) total
more than 100Mbps)



I have only worked with "real" switches like Cisco
Catalyst 3500, so I
have no frame of reference as to where to begin
looking. I don't want to
buy cheap crappy stuff that overheat and die after a
week.

What switch brand and model should I take a look at?

/Martin



		
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com




More information about the Snort-users mailing list