Snort mailing list archives
Re: Can snort analyze traffic from RSPAN port?
From: Mike Hale <eyeronic.design () gmail com>
Date: Thu, 12 Sep 2013 08:45:55 -0700
The security onion distro definitely can. That's how I'm feeding it traffic. There might be a vlan detagging script in there. On Sep 12, 2013 8:17 AM, "Russ Combs" <rcombs () sourcefire com> wrote:
It just might, but it depends on what other encapsulations are present. It would be helpful if you could try it out and let us know your results. If it doesn't work, some pcaps would also help. Thanks Russ On Thu, Sep 12, 2013 at 8:17 AM, Diana Patricia Chila Murcia < dpchilam () gmail com> wrote:Hi, We are design the way we will send traffic to SnortĀ“s sensors. We are looking the option to configure a RSPAN in our switch, but we would like to know if Snort can analyze traffic from RSPAN. Can you help me with this doubt? Thanks a lot! Best regards ------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. Consolidate legacy IT systems to a single system of record for IT 2. Standardize and globalize service processes across IT 3. Implement zero-touch automation to replace manual, redundant tasks http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. Consolidate legacy IT systems to a single system of record for IT 2. Standardize and globalize service processes across IT 3. Implement zero-touch automation to replace manual, redundant tasks http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. Consolidate legacy IT systems to a single system of record for IT 2. Standardize and globalize service processes across IT 3. Implement zero-touch automation to replace manual, redundant tasks http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Can snort analyze traffic from RSPAN port? Diana Patricia Chila Murcia (Sep 12)
- Re: Can snort analyze traffic from RSPAN port? Russ Combs (Sep 12)
- Re: Can snort analyze traffic from RSPAN port? Mike Hale (Sep 12)
- Re: Can snort analyze traffic from RSPAN port? Russ Combs (Sep 12)