Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Monitor multiple VLANs

From: "Martin Jr., D. Michael" <martinm () montevallo edu>
Date: Thu, 16 Oct 2003 10:59:00 -0500
My problem is trying to figure out how to have a single port monitor the
multiple VLANs.  I understand that setting up SPAN (Switch Port
Analyzer) port may be the answer but this ^%$$^ Catalyst 4006 with Sup
III does not even use the same commands as outlined in the docs I've
seen by Cisco.  Setting-up a separate Snort box for each VLAN would be
too costly and, given our size, really overkill.  I just need to setup
this port to essentially "listen" to all the traffic on the other VLANs.

Suggestions?

Michael

-----Original Message-----
From: Chris Green [mailto:cmg () sourcefire com] 
Sent: Thursday, October 16, 2003 10:27 AM
To: Martin Jr., D. Michael
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Monitor multiple VLANs

*wave to montevallo.edu* (originally from Birmingham.. )

Snort by default just strips off the vlan headers and decodes the
packets as if there were no vlans.  You will only run into troubles
with using the CISCO-specific trunking protocols (ISL)... but having
multiple VLANs won't be a problem.


"Martin Jr., D. Michael" <martinm () montevallo edu> writes:


I was wondering if anyone out there has been successful in configuring
Snort to monitor traffic on multiple VLANs.  If so, how did you
accomplish this?  We are basically a "Cisco-shop" and are thinking of
segmenting our residence halls (and other areas) into separate VLANs

for

security and virus propagation defense.  However, we would like to
configure our Snort box (Windows 2000) to actually be able to see and
"sniff" the traffic on all of the VLANs.

Any suggestions?

Thanks,

Michael Martin
University of Montevallo

-- 
Chris Green <cmg () sourcefire com>
Eschew obfuscation.


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: