Snort mailing list archives

RE: flex response and cisco span ports


From: tyler () ibill com
Date: Wed, 2 Jan 2002 13:23:54 -0500

That's my thinking.  If the interface doing the 'snorting' does not have an
IP on it, packets should go out eth1 [or the 'mgmt' interface that has an
IP], correct?

tf.

-----Original Message-----
From: Greg Herlein [mailto:gherlein () herlein com]
Sent: Wednesday, January 02, 2002 1:19 PM
To: tyler () ibill com
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] flex response and cisco span ports


So I guess my question is this.. Can I make the sensor send its
flex-response packets out the 'mgmt' port instead?  Surely there are other
people with an environment like this [snort, cisco catalyst switches,
flex-response] .. What's everyone else doing?

I suspect that you can fix this by making sure that your routing
configuration is set so that packets are routed out the
"management" interface.  I'd configure that eth to be the default
anyway, and have the second interface (eth1 or whatever) be the
snort port.  Then the response packets ought to go out as
expected.  

I think.  YRMV.

Greg

