Snort mailing list archives
Re: 802.1q Monitoring
From: Jeff Nathan <jeff () snort org>
Date: Fri, 06 Jun 2003 15:43:16 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I replied to Chris Green before looking at DecodeVlan. Snort is already capable of decoding 802.1Q. A trunk port simply carries 802.1Q tags when sending frames out an interface. Thus, it should work as is for your purposes. - -Jeff - --On Thursday, June 5, 2003 15:46 -0500 Ron Shuck <rshuck () Buchanan com> wrote:
Hi, Has anyone implemented or tried to monitor a 802.1q (trunked) connection with Snort? I saw that DLink has a 802.1q compatible card, and that it appears to be supported under Linux. I have several remote locations that do not have a huge amount of traffic, but there are several VLANS. It would be much easier and get the most coverage to port mirror/tap the WAN connection, but it is trunked. Any help would be greatly appreciated. Thanks, Ron Shuck, CISSP, GCIA, CCSE - Managing Consultant Buchanan Associates - A Technology Company in the People Business ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
- -- http://cerberus.sourcefire.com/~jeff (gpg key available) Great spirits have always encountered violent opposition from mediocre minds. - - Albert Einstein -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (Darwin) iD8DBQE+4RkIEqr8+Gkj0/0RAmBlAKCW9MS2Jtt24M2/SQg5NHbqGSOpQACffqIt rlf6dl45PPKCNSOIGJg+fxw= =6T+b -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- 802.1q Monitoring Ron Shuck (Jun 05)
- Re: 802.1q Monitoring Bennett Todd (Jun 06)
- Re: 802.1q Monitoring Chris Green (Jun 06)
- Re: 802.1q Monitoring Jeff Nathan (Jun 06)
- Re: 802.1q Monitoring Chris Green (Jun 06)
- Re: 802.1q Monitoring Jeff Nathan (Jun 06)
- <Possible follow-ups>
- RE: 802.1q Monitoring Ron Shuck (Jun 06)
- Re: 802.1q Monitoring Chris Green (Jun 06)
- Re: 802.1q Monitoring Bennett Todd (Jun 06)