Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Hub recommendations

From: Shane Williams <shanew () shanew net>
Date: Thu, 2 Dec 2004 11:04:49 -0600 (CST)
On Wed, 1 Dec 2004, Matt Van Mater wrote:


Yes, Cisco's mirroring capability does vary widely between products as
well as between IOS and CATOS.  It is easy to aggregate many source
ports to a single destination port, what I want to do is have many
sources aggregated into a kind of 'pool' and then have their combined
traffic sent to multiple destination ports.  What you just described
to me is just a regular SPAN configuration.

switch1-----|                       |--IDS
switch2-----|----aggregator----|--ntop
switch3-----|                       |--ethereal


I won't claim to fully grasp how it works, but the RSPAN ability in
some Cisco switches sounds like what you want.

Whatever you end up doing, I suspect there are more than a few of us
who would like to hear how it works out.

--
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |      System Admin - UT iSchool
=----------------------------------+-------------------------------
All syllogisms contain three lines |              shanew () shanew net
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: