[Snort-users] Switched hub

Rich Adamson radamson at ...2127...
Wed Sep 15 04:11:30 EDT 2004


> In about 1 month we are going to switch from a DMZ hub to a switch 
> network. Wat is the best way for following the network traffic, as
> normal its not possible to view other ports with a switch network.
 
That all depends upon exactly whose switch you purchase. Some switches
can do port mirroring very well while others are very poor at it (or
non-existent).

Most of the HP switches (as an example) can do port mirroring, however
some only support mirroring of one-side (transmit or receive) of a
mirrored port, while other HP switches support complete VLAN mirroring
(including the default VLAN). Some Cisco switches allow a single port
mirror while other models allow multiple port mirrors.

If your company is serious about security monitoring, the port mirroring
capability of your newly purchased boxes 'might' be a driving factor
as to exactly which switch is purchased.







More information about the Snort-users mailing list