[Snort-users] Quick questions about recieved packets

Richard Bejtlich taosecurity at ...11827...
Wed Oct 26 07:47:52 EDT 2005

Joseph Nicholson wrote:

> This is my core switch and brings about 5 different network segments together...
> The monitor port is a Gigabit port and the monitoring ethernet port is running
> at a Gigabit also.

Hi Joseph,

Do you have an idea of how much bandwidth you are watching on this SPAN port?

Can you share some specifications for your hardware -- RAM, PCI bus, etc.?

Have you tried just sending alerts to an alert file, for testing?

Thank you,


More information about the Snort-users mailing list