Snort mailing list archives
RE: Spanning port
From: "Wayne T Work" <securitygauntlet () snet net>
Date: Sat, 21 Sep 2002 10:37:05 -0400
Spanning ports, mirroring ports, whatever the particular company want to call it. The concept is straight forward. Switches ports are separate segments across the switch. So, port one can not see, interfere or directly traverse. Unlike a hub where all ports are a LIKE and collisions occur. To see all the traffic across all the computers placed in a switch, one must create a port which acts as a hub. This allows visibility across the entire switch. I know the 2900 Cisco allows for this. One should also not that the port used for spanning is generally a "Listen Only" port. General traffic theory (In and Out) does not apply. So don't try to get to the IDS box's NIC card on the spanning port. One must use a standard port for visibility to the IDS box. Hope this helps. Wayne -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of jai Sent: Saturday, September 21, 2002 1:34 AM To: quentyn () fotango com Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Spanning port Hi, Thanx for reply... I got CISCO 2900 catalyst switch... Basically i am new to snort or IDS...and i have gone through FAQs..there i found out spanning port concept... Now i want to know how it will help me jai ----- Original Message ----- From: <quentyn () fotango com> To: jai <jai.s () net4india net> Cc: <snort-users () lists sourceforge net> Sent: Friday, September 20, 2002 8:10 PM Subject: Re: [Snort-users] Spanning port
jai wrote: Hi, I have cisco switch ..how should i make a one of the port to spanning port.. jaiyou need to tell us the model of the switch... details are for whimps ;o) hint go to cisco's website and type in "<your model number> span" or "<your model number> mirror" in the search box. if you post the model here then the replies can go into the archive Q -- ##################### Quentyn Taylor Sysadmin - Fotango ##################### Don't use a big word where a diminutive one will suffice. Paul Tomblin
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Spanning port jai (Sep 20)
- spp_stream4: TTL EVASION (reassemble) detection Pedro Tedeschi (Sep 20)
- Re: Spanning port quentyn (Sep 20)
- Re: Spanning port jai (Sep 20)
- RE: Spanning port Wayne T Work (Sep 21)
- Re: Spanning port twig les (Sep 21)
- Re: Spanning port jai (Sep 20)
- <Possible follow-ups>
- RE: Spanning port McCammon, Keith (Sep 20)
- RE: Spanning port Uhte, Russ (Sep 20)