Snort IDS set up on switched LAN + 3COM managed switch
Posted on 2004-08-31
Thanks in advance for the help with this one.
Here's a brief overview of how I have it set up currently:
Internet -> Router -> Firewall -> Switch (not hub) -> LAN, which includes hosts and IDS.
The issue is that Snort can't sniff very well on a switched LAN (few sniffers can). I'm aware that going to a model like:
Internet -> Router -> Firewall -> Hub
...would solve my problem.
However, I need to do this without acquiring more hardware. I know some Cisco switches allow LAN traffic to be monitored on a specific port, so that I could still sniff the network without additional hardware. Is this doable with a managed 3COM (3812, if that helps you) switch?
If I assign an IP to the switch, will I need to re-address my hosts, or is that strictly for switch management?
Thanks for the help.