IDS mailing list archives
about mirroring port
From: "SB CH" <chulmin2 () hotmail com>
Date: Tue, 18 Mar 2003 00:36:45 +0000
hello, all.I would like to setup ids(like snort) at mirroring port in cisco catalyst switch. but all of the network traffic is over 100M, and my linux server which installs snort is not so good hardware.
So I think that when I setup snort at mirroring port, all traffic should via linux server so the network speed would be slow
Question.1. when I setup the mirroring port,all traffic(for example, port2 traffic) would transfer like this or just copy the traffic mirroring port too?
(1) client --> mirroring port1 --> port 2 (2) client --> port 2
--> mirroring port (copy too)2. Is there any problem when I set snort at mirroring port if the traffic is so high(over 100~200M)?
3. do you know any commands to setup mirroring port at catalyst 400x(catos based) switch?
Thanks in advance. _________________________________________________________________행운의 주인공이 이번엔 나일꺼야, 진짜루... 인터넷 복권 http://www.msn.co.kr/money/interlotto/
----------------------------------------------------------- ALERT: Exploiting Web Applications- A Step-by-Step Attack Analysis Learn why 70% of today's successful hacks involve Web Applicationattacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter Manipulation.
http://www.spidynamics.com/mktg/webappsecurity71
Current thread:
- about mirroring port SB CH (Mar 18)
- Re: about mirroring port nate (Mar 18)
- RE: about mirroring port Rob Shein (Mar 18)
- Re: about mirroring port Karel Chwistek (Mar 23)
- <Possible follow-ups>
- Re: about mirroring port Joe Magee (Mar 23)
- Re: about mirroring port Dejan Markovic (Mar 26)
- RE: about mirroring port David Vertie (Mar 23)