RE: [SPAM] - RE: [Snort-users] Span/Snoop ports... - Email found in subject
This is a discussion on RE: [SPAM] - RE: [Snort-users] Span/Snoop ports... - Email found in subject within the Snort forums, part of the System Security and Security Related category; If I configured the port as a dot1q trunk would Snort understand that traffic? I need to mirror 2 switchs ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-18-2005
|
|||
|
|||
RE: [SPAM] - RE: [Snort-users] Span/Snoop ports... - Email found in subject
If I configured the port as a dot1q trunk would Snort understand that
traffic? I need to mirror 2 switchs that are trunked together so I can grab all the traffic.....=20 -----Original Message----- From: Lee Clemens [mailto:snort@leeclemens.net]=20 Sent: Friday, March 18, 2005 9:28 AM To: 'Ulric Eriksson'; Marc Hering Cc: snort-users@lists.sourceforge.net Subject: [SPAM] - RE: [Snort-users] Span/Snoop ports... - Email found in subject That particular switch does support port mirring, as per the www.cisco.com: Redirection of traffic from any port to a "sniff" port. (Any switching port can be designated as a "sniff" port.) But that would only be a port at a time, so it depends what you want to monitor...even with a tap, is it possible to view all traffic going through and amidst the switch?? i.e. without building 24/48 taps for each connection? (I realize one tap for the uplink, but that would only grab the outgoing/incoming traffic and not the LAN traffic) -----Original Message----- From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Ulric Eriksson Sent: Friday, March 18, 2005 9:16 AM To: Marc Hering Cc: snort-users@lists.sourceforge.net Subject: Re: [Snort-users] Span/Snoop ports... On Fri, 18 Mar 2005, Marc Hering wrote: > Hey Guys, > I just deployed a Snort box to one of our data centers...and I ran=20 > into a bit of a snafu. We have a 2948G-L3 switch and want to snort on it. > The problem is that a L3 switch doesn't suppprt a snoop port...Has=20 > anyone found a way around this? Depending on the IOS version, you should be able to use the "port monitor" or "monitor session" commands. Ulric ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=3D6595&al...396&op=3Dclick _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...=3Dsnort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
