Snort mailing list archives
RE: [SPAM] - RE: Span/Snoop ports... - Email found in subject
From: "Marc Hering" <mhering () reval com>
Date: Fri, 18 Mar 2005 09:31:25 -0500
If I configured the port as a dot1q trunk would Snort understand that traffic? I need to mirror 2 switchs that are trunked together so I can grab all the traffic..... -----Original Message----- From: Lee Clemens [mailto:snort () leeclemens net] Sent: Friday, March 18, 2005 9:28 AM To: 'Ulric Eriksson'; Marc Hering Cc: snort-users () lists sourceforge net Subject: [SPAM] - RE: [Snort-users] Span/Snoop ports... - Email found in subject That particular switch does support port mirring, as per the www.cisco.com: Redirection of traffic from any port to a "sniff" port. (Any switching port can be designated as a "sniff" port.) But that would only be a port at a time, so it depends what you want to monitor...even with a tap, is it possible to view all traffic going through and amidst the switch?? i.e. without building 24/48 taps for each connection? (I realize one tap for the uplink, but that would only grab the outgoing/incoming traffic and not the LAN traffic) -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ulric Eriksson Sent: Friday, March 18, 2005 9:16 AM To: Marc Hering Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Span/Snoop ports... On Fri, 18 Mar 2005, Marc Hering wrote:
Hey Guys, I just deployed a Snort box to one of our data centers...and I ran into a bit of a snafu. We have a 2948G-L3 switch and want to snort on
it.
The problem is that a L3 switch doesn't suppprt a snoop port...Has anyone found a way around this?
Depending on the IOS version, you should be able to use the "port monitor" or "monitor session" commands. Ulric ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_ide95&alloc_id396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: [SPAM] - RE: Span/Snoop ports... - Email found in subject Marc Hering (Mar 18)