Re: Snort-users digest, Vol 1 #3643 - 11 msgs

["Marc Quibell" <mquibell () fbfs com>]

On the switch, set a trunk port that includes all of those vlans.

Plug your Snort box into that trunk port, you should then see all traffic going
to/from those vlans that is going through that switch.

BTW, to span a port in the 4006:
monitor session {session} {source {interface type num} | {vlan vlan_id}} [, | -
| rx | tx | both]

You're gonna have to have an initial trunking port that cross-connects to
another switch or router, so you may want to create that trunk port and just
mirror (span)
it to another port, and that is where you will plug in your sensor. The switch
supports the standard 802.1q and Cisco's ISL trunking protocols.

Cheese.

Marc

"Martin Jr., D. Michael" <martinm () montevallo edu> writes:

> I was wondering if anyone out there has been successful in configuring =

> Snort to monitor traffic on multiple VLANs.  If so, how did you=20
> accomplish this?  We are basically a "Cisco-shop" and are thinking of=20
> segmenting our residence halls (and other areas) into separate VLANs
for
> security and virus propagation defense.  However, we would like to=20
> configure our Snort box (Windows 2000) to actually be able to see and=20
> "sniff" the traffic on all of the VLANs.
>
> Any suggestions?
>
> Thanks,
>
> Michael Martin
> University of Montevallo




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users