[Snort-users] Port Mirroring

Scott Link linksg at ...17169...
Tue Dec 6 20:33:17 EST 2016


If this is for a home lab, Microtik makes an affordable router/switch that
works pretty well. I'm using an RB750GL and it's been sufficient. I'm
mirroring ports (wireless AP and a couple of wired devices) to a monitor
port feeding an Intel NUC running Security Onion. It was $60 well spent, I
think. It's the gateway for my internal networks before connecting to the
ISP's modem/gateway. (I've used it with Charter and ATT UVerse...)




On Tue, Dec 6, 2016 at 7:25 PM, Ryan Shuck <rshuck at ...11827...> wrote:

> All passive taps like those listed above will not work with 1000M
> connections, they will only work with 100M. There are cheap linksys
> switches with port mirroring capability that can be had for under $100.
>
> On Tue, Dec 6, 2016 at 8:00 PM, Michael Steele <michaels at ...9077...>
> wrote:
>
>> If you want to have some fun building a rather unique tap, or buy one:
>>
>>
>>
>> https://greatscottgadgets.com/throwingstar/
>>
>>
>>
>> Kindest regards,
>>
>> Michael...
>>
>>
>>
>> WINSNORT.com Management
>>
>> --
>>
>> ****************** Established ~ 2001 *******************
>>
>> *          Visit Us @ http://www.winsnort.com           *
>>
>> *      ~~ FREE WinIDS Snort installation guides ~~      *
>>
>> *               ~~ FREE support forums ~~               *
>>
>> * Snort: Open Source Network IDS - http://www.snort.org *
>>
>> *********************************************************
>>
>>
>>
>> *From:* Russ [mailto:rucombs at ...589...]
>> *Sent:* Tuesday, December 6, 2016 12:17 PM
>> *To:* snort-users at lists.sourceforge.net
>> *Subject:* Re: [Snort-users] Port Mirroring
>>
>>
>>
>> These are cheap and work well:
>>
>>     http://www.dual-comm.com/port-mirroring-LAN_switch.htm
>>
>> On 12/6/16 12:08 PM, Michael Steele wrote:
>>
>> http://www.winsnort.com/tutorials/article/12-how-to-create-
>> and-install-a-passive-ethernet-tap/
>>
>>
>>
>> Kindest regards,
>>
>> Michael...
>>
>>
>>
>> WINSNORT.com Management
>>
>> --
>>
>> ****************** Established ~ 2001 *******************
>>
>> *          Visit Us @ http://www.winsnort.com           *
>>
>> *      ~~ FREE WinIDS Snort installation guides ~~      *
>>
>> *               ~~ FREE support forums ~~               *
>>
>> * Snort: Open Source Network IDS - http://www.snort.org *
>>
>> *********************************************************
>>
>>
>>
>> *From:* Justin Pederson [mailto:jpedersm at ...11827... <jpedersm at ...11827...>]
>> *Sent:* Tuesday, December 6, 2016 9:44 AM
>> *To:* snort-users mailinglist <snort-users at lists.sourceforge.net>
>> <snort-users at lists.sourceforge.net>
>> *Subject:* [Snort-users] Port Mirroring
>>
>>
>>
>> What are you guys doing to Mirror Ports.  I was going to use my wireless
>> router I got from the ISP but I found out last night this can not be done
>> with it.  I do have a 2950 and 2960 switch that I can setup mirroring on
>> but you rather not have them running in my office constantly.  Any idea on
>> what the difference between a hub and network tap will be?  If the network
>> tap is the way to go any idea on some have way decent ones for a home lab?
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>>
>> Developer Access Program for Intel Xeon Phi Processors
>>
>> Access to Intel Xeon Phi processor-based developer platforms.
>>
>> With one year of Intel Parallel Studio XE.
>>
>> Training and support from Colfax.
>>
>> Order your platform today.http://sdm.link/xeonphi
>>
>>
>>
>>
>> _______________________________________________
>>
>> Snort-users mailing list
>>
>> Snort-users at lists.sourceforge.net
>>
>> Go to this URL to change user options or unsubscribe:
>>
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>
>> Snort-users list archive:
>>
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>>
>>
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Developer Access Program for Intel Xeon Phi Processors
>> Access to Intel Xeon Phi processor-based developer platforms.
>> With one year of Intel Parallel Studio XE.
>> Training and support from Colfax.
>> Order your platform today.http://sdm.link/xeonphi
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>
>
> ------------------------------------------------------------
> ------------------
> Developer Access Program for Intel Xeon Phi Processors
> Access to Intel Xeon Phi processor-based developer platforms.
> With one year of Intel Parallel Studio XE.
> Training and support from Colfax.
> Order your platform today.http://sdm.link/xeonphi
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>



-- 
Scott Link | Manager - Security Operations | Saint Louis University
<http://www.slu.edu>
3545 Lindell Boulevard, The Marvin and Harlene Wool Center | T 314-977-9713
<314-977-3471>

 [image: www.slu.edu] <http://www.slu.edu>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20161206/3b51095c/attachment.html>


More information about the Snort-users mailing list