Forum Discussion
Hamish
Mar 30, 2012Cirrocumulus
Mmm... Leaving aside hidden or not hidden (None of mine are hidden) that's not actually going to work very well. There's a strict limit on the number of packets per second (Umm.. 200pps IIRC) that will be relayed from the switch to the host when you're running tcpdump. It also has a detrimental effect on the performance of the unit, consuming quite a bit of CPU...
You';d be better off using a real IDS/IPS device if that's what you're planning...
H