[Snort-users] switch port as network tap?

Agus agus.262 at ...11827...
Tue Feb 15 10:38:53 EST 2011

Hi John,

1) You can easily use a switch port SPAN. You would have to be careful
with which ports you mirror and traffic cause they could saturate and
create load on the switch probably.

2) Pulledpork and oinkmaster


2011/2/15 John Williams <john.b.williams at ...11827...>:
> I need to get a SNORT system up and running quickly and have a couple questions:
> 1) Network taps seem very expensive. Possible stupid question:  Is
> there a reason why one couldn't use a "sniffer" (i.e. read-only) port
> on a a Ethernet VLAN switch rather a Network Tap?  Doesn't it do the
> same thing?
> 2) Is there an automated processes for updating the latest signatures?
> Thank you!
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list