LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Hardware
User Name
Password
Linux - Hardware This forum is for Hardware issues.
Having trouble installing a piece of hardware? Want to know if that peripheral is compatible with Linux?

Notices


Reply
  Search this Thread
Old 12-24-2007, 09:53 PM   #1
Peter_APIIT
Member
 
Registered: Dec 2006
Posts: 582

Rep: Reputation: 31
Snort, Squid with Switch.


Hello all expert network administrator, i truly new to snort and squid. As far as i know, there are some myth when i bought a switch.
I odn't know whether a sqitch is compatible with snort or squid or not.
Please point me in right direction.
Thanks for your help.
Your help is greatly appreciated by me and others.
 
Old 12-24-2007, 10:05 PM   #2
farslayer
LQ Guru
 
Registered: Oct 2005
Location: Northeast Ohio
Distribution: linuxdebian
Posts: 7,248
Blog Entries: 5

Rep: Reputation: 191Reputation: 191
well for Snort typically you would use a Managed Switch that has a PORT MIRRORING or SPANNING function that will replicate all the traffic going through the switch to the port that SNORT is connected to..
http://www.effetech.com/help/cisco-span.htm
http://en.wikipedia.org/wiki/Port_mirroring

As for squid well it's a proxy, so, err, yeah a switch is kinda irrelevant. the switch just allows you to connect the clients to the proxy server.
 
Old 12-24-2007, 10:38 PM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680
Given that you are using squid, if you have your proxy server located between the internet and the LAN switch, then you will see all internet <-> lan traffic before it reaches your switch. This being the case, you can detect traffic between a LAN host and an intruder so Snort could be used.
 
Old 12-25-2007, 10:03 PM   #4
Peter_APIIT
Member
 
Registered: Dec 2006
Posts: 582

Original Poster
Rep: Reputation: 31
I wonder what i need port mirroring since this is a home network. As far as i know, this enable administrator monitor the LAN connection. Is it true ? Any good recomendations for this kind of swithc?
Thanks.
 
Old 12-25-2007, 11:54 PM   #5
farslayer
LQ Guru
 
Registered: Oct 2005
Location: Northeast Ohio
Distribution: linuxdebian
Posts: 7,248
Blog Entries: 5

Rep: Reputation: 191Reputation: 191
http://www.snort.org/docs/faq.html#1.8

Q: I'm on a switched network, can I still use Snort?

A: Being able to sniff on a switched network depends on what type of switch is being used. If the switch can mirror traffic, then set the switch to mirror all traffic to the snort machine's port.


Could use a Hub between the devices.. a Hub shows all data passing through it to all ports on the device, and is far cheaper than a managed switch

Snort is Kinda overkill for a home network imho
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Starting snort: ERROR: User "snort" unknown games1 Linux - Software 3 02-07-2007 08:21 PM
Error when starting up snort: bash:!/bin/sh/usr/local/bin/snort :Eent not found cynthia_thomas Linux - Software 1 11-11-2005 02:59 PM
snort failed: snort: symbol lookup error: undefined symbol: usmAES192PrivProtocol Emmanuel_uk Linux - Security 1 07-10-2005 10:29 AM
thread switch results in kernel stack switch superstition Linux - General 1 05-17-2005 11:48 PM
snort snort.conf help crealkiller175 Linux - Software 1 03-08-2003 05:58 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Hardware

All times are GMT -5. The time now is 11:11 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration