Snort mailing list archives
RE: Cisco Switch Question
From: sjk <sjk () dredel com>
Date: Tue, 16 Oct 2001 12:27:42 -0500 (CDT)
On the Cisco 2900/3500 SW you have to set a port up as a monitor port -- as I recall -- on the interface set "port monitor vlan 1" one port per vlan.

--sjk

On Tue, 16 Oct 2001, Mike Shaw wrote:

From my experience, some cheaper SOHO switches aren't really switches at all. They are hubs that occasionally show some limited switch-like characteristics. Can't really speak for the Linksys, but definitely some no-name 'switches' bought from the mom-and-pop places. I've seen one that basically had one bridge-ish cross over port, and they called it a switch. Double check and make sure what you have is an actual 100% switch.

-Mike

At 07:31 AM 10/16/2001 -0400, Tim Parker wrote:

One other question that comes to mind, is this just for Cisco equipment? I didn't do this at home on the Linksys and it works fine.

-----Original Message-----
From: Tim Parker [mailto:tparker () kennett net]
Sent: Tuesday, October 16, 2001 6:09 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Cisco Switch Question

Thanks everyone for the help! I appreciate it.

Tim

-----Original Message-----
From: Chris Schuler [mailto:cschuler () columbus rr com]
Sent: Monday, October 15, 2001 8:17 PM
To: Tim Parker
Subject: Re: [Snort-users] Cisco Switch Question

you will need to set the port the snort machine is plugged into into a monitor port

    en
    conf t
    int f0/# (#=port #)
    switchport monitor 1-24 (or you can give it a vlan # )
    ^z
    wr me

this will cause all traffic from the defined ports, or vlan to be mirrored to that port..thus letting the snort box see all traffic

if ya get in trouble do a '?'

----- Original Message -----
From: "Tim Parker" <tparker () kennett net>
To: <snort-users () lists sourceforge net>
Sent: Monday, October 15, 2001 8:11 PM
Subject: [Snort-users] Cisco Switch Question

I just set up an NT monitoring station at home on my small network and I have it plugged into a Linksys 10/100 Switch. At work I have both a Mandrake 8.0 system and an NT box with Snort 1.8, these are both plugged into a Cisco 2912 on my desk. I am not getting any alerts from the two units at work. What do I need to do differently? I just want them to monitor the subnet they are on now for testing.
Eventually (after I learn a bit more!) I am going to be setting up a unit to monitor a DMZ and a web site.

Thanks for any pointers.....

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
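A way to check from the sensor whether the monitor port discussed in this thread is actually delivering other hosts' traffic, as an added example that is not part of the original messages. The sample lines are constructed in the style of `tcpdump -e -n` output; the MAC and IP addresses, the function names and the 0.2 threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Link-level header as printed by `tcpdump -e -n`: "src_mac > dst_mac,"
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FRAME_RE = re.compile(rf"\b({MAC}) > ({MAC}),", re.I)
SENSOR = "00:00:5e:00:53:01"  # constructed address of the sensor's NIC

# Constructed captures: sensor on an ordinary switch port vs. on a monitor port.
UNMIRRORED = [
    "12:00:00.000001 00:00:5e:00:53:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.20, length 46",
    "12:00:00.100001 00:00:5e:00:53:01 > 00:00:5e:00:53:0a, ethertype IPv4 (0x0800), length 74: 192.0.2.10.40000 > 192.0.2.1.53: UDP, length 32",
    "12:00:00.100901 00:00:5e:00:53:0a > 00:00:5e:00:53:01, ethertype IPv4 (0x0800), length 90: 192.0.2.1.53 > 192.0.2.10.40000: UDP, length 48",
]
MIRRORED = [
    "12:00:01.000001 00:00:5e:00:53:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.20, length 46",
    "12:00:01.200001 00:00:5e:00:53:02 > 00:00:5e:00:53:03, ethertype IPv4 (0x0800), length 74: 192.0.2.20.1025 > 192.0.2.30.80: Flags [S], length 0",
    "12:00:01.200501 00:00:5e:00:53:03 > 00:00:5e:00:53:02, ethertype IPv4 (0x0800), length 74: 192.0.2.30.80 > 192.0.2.20.1025: Flags [S.], length 0",
    "12:00:01.300001 00:00:5e:00:53:01 > 00:00:5e:00:53:0a, ethertype IPv4 (0x0800), length 74: 192.0.2.10.40001 > 192.0.2.1.53: UDP, length 32",
]

def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1

def classify_frames(lines, sensor_mac):
    """Count frames by how they could have reached the sensor's port."""
    sensor_mac = sensor_mac.lower()
    counts = Counter()
    for line in lines:
        m = FRAME_RE.search(line)
        if not m:
            counts["unparsed"] += 1
            continue
        src, dst = m.group(1).lower(), m.group(2).lower()
        if is_group_address(dst):
            counts["flooded"] += 1          # every port receives these anyway
        elif sensor_mac in (src, dst):
            counts["own"] += 1              # the sensor's own conversations
        else:
            counts["foreign_unicast"] += 1  # only visible on a hub or mirror port
    return counts

def port_looks_mirrored(counts, min_fraction=0.2):
    """A switch floods a little unknown unicast, so require a real share of it."""
    parsed = sum(v for k, v in counts.items() if k != "unparsed")
    return parsed > 0 and counts["foreign_unicast"] / parsed >= min_fraction
```

A sensor that reports only `flooded` and `own` frames is sitting on an ordinary switched port, which matches the "no alerts" symptom in the original question.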
Current thread:
- Cisco Switch Question Tim Parker (Oct 15)
- <Possible follow-ups>
- RE: Cisco Switch Question Tim Parker (Oct 16)
- RE: Cisco Switch Question Tim Parker (Oct 16)
- RE: Cisco Switch Question Mike Shaw (Oct 16)
- RE: Cisco Switch Question sjk (Oct 16)
- RE: Cisco Switch Question Mike Shaw (Oct 16)
- RE: Cisco Switch Question Jim Howard (Oct 16)