RE: [Snort-users] Span/Snoop ports...

Marc Hering wrote:
> If I configured the port as a dot1q trunk would Snort understand that
> traffic? I need to mirror 2 switches that are trunked together so I
> can grab all the traffic.....

Hi Marc,

Exactly what do you want to capture? If you monitor the trunk port you will only see traffic passed between hosts on physically separate switches. Two hosts on the same physical switch will not pass any traffic between them onto the trunk line.

Monitoring all of the traffic passing between hosts on the same physical switch becomes more difficult as you increase the number of active ports and their utilized bandwidth.

Sincerely,

Richard
http://www.taosecurity.com