[Snort-users] switch port as network tap?

GravyFace gravyface at ...11827...
Tue Feb 15 10:49:10 EST 2011


Also a network hub will work, if you have one laying around.

On Tue, Feb 15, 2011 at 10:38 AM, Agus <agus.262 at ...11827...> wrote:
> Hi John,
>
> 1) You can easily use a switch port SPAN. You would have to be careful
> with which ports you mirror and traffic cause they could saturate and
> create load on the switch probably.
>
> 2) Pulledpork and oinkmaster
>
> Cheers
>
> 2011/2/15 John Williams <john.b.williams at ...11827...>:
>> I need to get a SNORT system up and running quickly and have a couple questions:
>>
>> 1) Network taps seem very expensive. Possible stupid question:  Is
>> there a reason why one couldn't use a "sniffer" (i.e. read-only) port
>> on a a Ethernet VLAN switch rather a Network Tap?  Doesn't it do the
>> same thing?
>>
>> 2) Is there an automated processes for updating the latest signatures?
>>
>> Thank you!
>>
>> ------------------------------------------------------------------------------
>> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
>> Pinpoint memory and threading errors before they happen.
>> Find and fix more than 250 security defects in the development cycle.
>> Locate bottlenecks in serial and parallel code that limit performance.
>> http://p.sf.net/sfu/intel-dev2devfeb
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list