Re: Snort on span port

["Michael J. Pelletier" <mjpelletier () mjpelletier com>]

> Hey man don't be dis'ing my net engineers!

> J/K.

> Ok, so if I remember correctly, root-bridges are like only for vlan trunking
protocol and elections and what-not of switches that will act as root bridges.

Root Bridges are used for SPANNING TREE!. You can run VLAN trunks with SPANNING
TREE. With SPANNING TREE each bridge will calulate it's distance from the root
bridge to itself. This cost is used to determine the shortest past cost to the
root bridge. Although ROOT BRIDGES are used with SPANNING TREE and VLANS can
use SPANNING TREE ther are not the same.

> All they do is keep track of vlans.

Not true. Root bridges help determine path cost between bridges.

> Not sure what this has to do with port spanning/monitoring. Your engineers
should be spannig at the physical layer and not the vlan layer.

Actually you can do both if your IDS understands VLAN trunking.

> They should be spanning the physical ports that the vlans are trunked on and
connected to each other. Nevermind the gibberish about Cisco switches not
keeping up with spanning...hogwash!

Dude, Sorry but the Cisco 5500 series is known for this. Newer, ie 6500, etc are
much, much better. Ask any Cisco engineer or someone, like me, that has used
them for years. In private the Cisco Engineer will tell you.

> You assign vlans and trucks to ports, all the engineers need to worry about
are physically spannning those ports to your ports.

> IOW, let's say my trunk port is port one on one of the switches. The port is
either part of the backbone or at least connects to the other switches. Now
let's say your IDS is connected to port two. All the engineer has to do is get
on the switch, go to port 2 and type in "port monitor fa0/1" Then you'd be set!

Cheese!

Marc


/*******************************************/
UNIX is a very friendly OS. It is just picky
about who it makes friends with.
/*******************************************/

Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended 
recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by 
applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have 
received this message in error, please delete it and notify the sender immediately.


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users