Snort mailing list archives
Re: Sniffing the Gateways
From: <controld () transatlas com>
Date: Wed, 28 Nov 2001 14:54:05 -0800 (PST)
Lil confused? Can't quite envision the gateway data flow? How do these gateways terminate to your external router? If it's on a switch, mirror those ports to a snort port.

On Wed, 28 Nov 2001, jamesh wrote:
We have 2 gateways, and I am sniffing traffic off both the Ethernet interfaces (via the switch). I was hoping to see all the traffic for our statewide network this way, but I am not. After a bit of thinking I realized this probably will not show me the several serial interfaces that exist on these gateways, as these route directly out the WAN connections (i.e., serial and WAN connections are on the same box and route port to port to get to the internet) and not through the Ethernet interfaces. Is this correct? If so, how would I go about seeing everything?

As luck would have it, the secondary gateway is our Cisco 72XX, where multiple T's to the DSLAMs for DSL exist. BGP tends to send these connections out this gateway, and only once in a while does BGP decide to use the primary gateway for DSL; in this case Snort will see this. As we have 400+ DSL subscribers, I am interested to see if any have DoS tools installed (and other bad things).

Generally I just sniff all our servers; this works great. Once a day I would like to watch all traffic to get the big picture, with a special interest in what is going on with DSL. Any ideas?

James Edwards
jamesh () cybermesa com
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
Phone support 365 days till 10 pm via the Santa Fe office: 505-988-9200 or Toll Free: 888-988-2700

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users