Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: [SPAM] - RE: Span/Snoop ports... - Email found in subject

From: "Marc Hering" <mhering () reval com>
Date: Fri, 18 Mar 2005 09:31:25 -0500
If I configured the port as a dot1q trunk would Snort understand that
traffic?    I need to mirror 2 switchs that are trunked together so I
can grab all the traffic..... 

-----Original Message-----
From: Lee Clemens [mailto:snort () leeclemens net] 
Sent: Friday, March 18, 2005 9:28 AM
To: 'Ulric Eriksson'; Marc Hering
Cc: snort-users () lists sourceforge net
Subject: [SPAM] - RE: [Snort-users] Span/Snoop ports... - Email found in
subject

That particular switch does support port mirring, as per the
www.cisco.com:

Redirection of traffic from any port to a "sniff" port. (Any switching
port can be designated as a "sniff" port.)

But that would only be a port at a time, so it depends what you want to
monitor...even with a tap, is it possible to view all traffic going
through and amidst the switch?? i.e. without building 24/48 taps for
each connection? (I realize one tap for the uplink, but that would only
grab the outgoing/incoming traffic and not the LAN traffic)


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ulric
Eriksson
Sent: Friday, March 18, 2005 9:16 AM
To: Marc Hering
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Span/Snoop ports...


On Fri, 18 Mar 2005, Marc Hering wrote:


Hey Guys,
I just deployed a Snort box to one of our data centers...and I ran 
into a bit of a snafu.  We have a 2948G-L3 switch and want to snort on

it.

The problem is that a L3 switch doesn't suppprt a snoop port...Has 
anyone found a way around this?


Depending on the IOS version, you should be able to use the "port
monitor" or "monitor session" commands.

Ulric


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide Read honest & candid
reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: