[Snort-users] Switched hub
radamson at ...2127...
Wed Sep 15 04:11:30 EDT 2004
> In about 1 month we are going to switch from a DMZ hub to a switch
> network. Wat is the best way for following the network traffic, as
> normal its not possible to view other ports with a switch network.
That all depends upon exactly whose switch you purchase. Some switches
can do port mirroring very well while others are very poor at it (or
Most of the HP switches (as an example) can do port mirroring, however
some only support mirroring of one-side (transmit or receive) of a
mirrored port, while other HP switches support complete VLAN mirroring
(including the default VLAN). Some Cisco switches allow a single port
mirror while other models allow multiple port mirrors.
If your company is serious about security monitoring, the port mirroring
capability of your newly purchased boxes 'might' be a driving factor
as to exactly which switch is purchased.
More information about the Snort-users