Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1734
Views
0
Helpful
1
Replies

SNORT and mirroring port?

kendalle01
Level 1
Level 1

‎09-08-2005 11:51 AM - edited ‎02-21-2020 12:22 AM

I have a 4507R switch with multiple VLANS or subnets. I've installed SNORT on a test machine I have but it doesn't pick up anything outside of it's subnet. According to the documentation I read I won't be able to see all the traffic on the switch and need to mirror a port. Anyone with experience using SNORT with a switched network?

0 Helpful
1 Reply 1

mostiguy
Level 6
Level 6

‎09-09-2005 08:30 AM

Yes. You need to figure out what ports contain the traffic you want to view, and also how much data that might be. I knew that a fast ethernet port connecting to a PIX would contain all the data entering and exiting our network, so that is the port I mirrored for snort to monitor. I was mostly interested in monitoring the traffic entering and exiting our network.

I am not sure how well snort deals with vlan tags - you might need to ensure that snort is only getting non tagged packets.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card