Snort mailing list archives
Re: Using snort on a switched network
From: "James" <the_saint_james () yahoo com>
Date: Sun, 6 Jan 2002 12:03:07 -0700
See if your switch has the ability to do "mirror", "monitor" or "broadcast" ports. Basically all traffic is rebroadcast to the port Snort runs on. Place Snort on your DMZ (in front of your firewall) and Snort will see all traffic; place it after the firewall and you will see what got thru.

I would like to hear what others have to say about running Snort on a firewall. Snort is passive; it just listens, processes, and records traffic unless you integrate Snort into the firewall to write rules or take other actions. If your firewall is a Unix box, then running Snort on it would allow you to sniff internal and external interfaces.
