[Snort-users] switch port as network tap?

John Williams john.b.williams at ...11827...
Tue Feb 15 10:54:06 EST 2011


Thanks Agus & Gravy

Gravy,  I think you answered my next questions which is,  can I
combine the SPAN (network tap) ports into a single VLAN to feed SNORT?
 Your suggestion that a network hub will work seems to indicate the
answer is yes.



On Tue, Feb 15, 2011 at 10:49 AM, GravyFace <gravyface at ...11827...> wrote:
> Also a network hub will work, if you have one laying around.
>
> On Tue, Feb 15, 2011 at 10:38 AM, Agus <agus.262 at ...11827...> wrote:
>> Hi John,
>>
>> 1) You can easily use a switch port SPAN. You would have to be careful
>> with which ports you mirror and traffic cause they could saturate and
>> create load on the switch probably.
>>
>> 2) Pulledpork and oinkmaster
>>
>> Cheers
>>
>> 2011/2/15 John Williams <john.b.williams at ...11827...>:
>>> I need to get a SNORT system up and running quickly and have a couple questions:
>>>
>>> 1) Network taps seem very expensive. Possible stupid question:  Is
>>> there a reason why one couldn't use a "sniffer" (i.e. read-only) port
>>> on a a Ethernet VLAN switch rather a Network Tap?  Doesn't it do the
>>> same thing?
>>>
>>> 2) Is there an automated processes for updating the latest signatures?
>>>
>>> Thank you!
>>>
>>> ------------------------------------------------------------------------------
>>> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
>>> Pinpoint memory and threading errors before they happen.
>>> Find and fix more than 250 security defects in the development cycle.
>>> Locate bottlenecks in serial and parallel code that limit performance.
>>> http://p.sf.net/sfu/intel-dev2devfeb
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>
>>
>> ------------------------------------------------------------------------------
>> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
>> Pinpoint memory and threading errors before they happen.
>> Find and fix more than 250 security defects in the development cycle.
>> Locate bottlenecks in serial and parallel code that limit performance.
>> http://p.sf.net/sfu/intel-dev2devfeb
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>




More information about the Snort-users mailing list