Re: Cisco Catalyst - SNORT

[Scott Fringer <fringsm () is2 hsnet ufl edu>]

Actually, depending on the version of code on the 6000 (or 4000/5000 for
that matter) you can set up spans that support two-way traffic. (We use
CatOS not IOS on our 6ks/5ks/4ks).

Check the span syntax on the device and look for the inpkts options, which
allows for traffic to be sent/received as well as mirrored.

While this is a usable solution; it is still better to have a separate NIC
for transport and a separate NIC for monitoring.

Scott

Scott Fringer                              Shands Healthcare @ U.F.
Technical Analyst II                       Gainesville, FL

On Mon, 23 Jun 2003, Javier Liendo wrote:

> hello jose
>
> you'll have to configure the switch port where you are
> plugging the snort device as a "span" port...
>
> pls take a look at the following link to see how you
> can configure it on a 6000 series catalyst switch...
>
> http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/span.htm
>
> also in my experience, if you configure a switch port
> as span then you can not pass any management traffic
> through that port so you will have to add another
> network card and plug it to another switch port if you
> want to manage this device remotely...
>
> saludos
>
> javier


-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users