IDS on Switched Networks

From: Paul W. Stoecker, Ph.D.
Date: 12/05/01

Date: Tue, 04 Dec 2001 20:55:55 -0500
From: "Paul W. Stoecker, Ph.D."


If you are on a switched network, do you have to place your NIDS sensor
in a location that can capture everything? For instance, my firewall is
connected into a router which contains all of my switches and acts as a
switch itself.

Do I have to put the sensor in the critical path? Does that mean that I
have to put a sensor on the Firewall, use another machine that is a
router, or do I need a hub for the sensor and firewall to share?

Your help is greatly appreciated.


