Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SPAN port packet related

From: "Ahmad Masood Shah" <jahil () 66-uetclub com>
Date: Thu, 14 Aug 2003 15:24:14 +0500
ohh then what is the problem here with my setup. I have attached my border
router to switch 0/11. My border router traffic 500 Kbps in and 600 Kbps out
round about. I'm using Catalyst 3500 to mirror traffic for port 0/11 to SPAN
0/10.
but it's very strange for me IDS system traffic is not exceeding more than
40 Kbps or 70 Kbps. so If my border outer traffic is more than 500 K then my
IDS system traffic must be 500 K or more than that. logging is workign
properly on IDS for border router. I mean to say I can see traffic is coming
@ my IDS system via 0/11 port.

what could be wrong?

-- 

Best Regs,
Masood Ahmad Shah
System Administrator

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
|   * * * * * * * * * * * * * * * * * * * * * * * *
|   Fibre Net (Pvt) Ltd. Lahore, Pakistan
|   Tel: +92-42-6677024
|   Mobile: +92-300-4277367
|   http://www.fibre.net.pk
|   * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

----- Original Message ----- 
From: "Faiz Ahmad Shuja" <faizshuja () yahoo it>
To: "'Ahmad Masood Shah'" <jahil () 66-uetclub com>;
<snort-users () lists sourceforge net>
Sent: Thursday, August 14, 2003 2:53 AM
Subject: RE: [Snort-users] SPAN port packet related


| A copy of all the traffic on port 0/11 and 0/12 will be sent on port
| 0/10 by switch. It will send "everything" coming on these ports.
|
| Regards,
| Faiz
|
|
| -----Original Message-----
| From: snort-users-admin () lists sourceforge net
| [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ahmad
| Masood Shah
| Sent: Wednesday, August 13, 2003 12:48 PM
| To: snort-users () lists sourceforge net
| Subject: [Snort-users] SPAN port packet related
|
|
| 0/12. SPAN port
| is 0/10. my 0/11 port data is upto 1 Mbps. My question is that when
| switch will send packet information to my IDS via SPAN port  it will
| redirect all traffic or it will send simple packet header to IDS sensor.
|
| -- 
|
| Best Regs,
| Masood Ahmad Shah
|
|
|
| -------------------------------------------------------
| This SF.Net email sponsored by: Free pre-built ASP.NET sites including
| Data Reports, E-commerce, Portals, and Forums are available now.
| Download today and enter to win an XBOX or Visual Studio .NET.
| http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01
| /01
| _______________________________________________
| Snort-users mailing list
| Snort-users () lists sourceforge net
| Go to this URL to change user options or unsubscribe:
| https://lists.sourceforge.net/lists/listinfo/snort-users
| Snort-users list archive:
| http://www.geocrawler.com/redir-sf.php3?list=snort-users archive:
| http://www.geocrawler.com/redir-sf.php3?list=snort-users
|



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: