Hello Pavel I refer to the mail from 'leon' which refers to the following link[1] which describes how you can sniff in a switched environment.
Actually, the techniques described in there are not The Right Way[tm] to sniff out your switched environment, if you have access to your switch configuration. If you read the comments you will see that there is a word about a "mirrored port" which makes sense to me, so you can sniff all the traffic going through a switch (or maybe even spanned switches) by a box connected to this port. Even with Snort. [1] http://www.linuxsecurity.com/articles/network_security_article-4551.html --
