#2
1st June 2011
ocicat
Administrator
 
Join Date: Apr 2008
Posts: 3,318

Quote:
Originally Posted by unixjingleman
Am I right in thinking that my only option, to monitor my servers at little extra cost, is to attach a hub to the switch that my servers are attached to, then attach the snort box and the servers to this hub?

This is one option. Others exist too.
  • Some switches can also duplicate traffic to another port. Cisco's SPAN/RSPAN comes to mind. Used 2950's/25960's on eBay should be able to do this, but if you are seriously thinking about going with used Cisco equipment, be sure to have researched the model on Cisco's website to ensure that it can replicate traffic to a different port first.
  • Network taps are a better choice for analyzing packet traffic than hubs or port replication on switches by minimally affecting transfer latency. NetOptics has a number of taps for sale across a nominal price range if you are really serious about it. Here too, going to eBay may help with the sticker shock, but research the topic thoroughly first. Buyer beware.

Last edited by ocicat; 1st June 2011 at 04:57 AM.