[Snort-users] Switched hub
Alex Butcher, ISC/ISYS
Alex.Butcher at ...11254...
Wed Sep 15 01:05:16 EDT 2004
--On 15 September 2004 07:17 +0000 patrick.marquetecken at ...1187... wrote:
> In about 1 month we are going to switch from a DMZ hub to a switch
> network. Wat is the best way for following the network traffic, as normal
> its not possible to view other ports with a switch network.
Actually, it is with plenty of switches (especially cheap, unmanaged
switches), if you them with ARP announcements so that they degrade into hub
mode. But I digress, as that isn't really a sensible solution for your
What you need to do is to configure a SPAN or mirror port on your switches
and connect your NIDS sensor(s) to those, or place taps between switches
and connect your NIDS sensor(s) to those. Which approach you take depends
on what you want to see.
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
More information about the Snort-users