Snort mailing list archives

RE: Pass data thru Cisco Switch?

From: "dbs" <brandon () kungfoo info>
Date: Thu, 15 Jul 2004 16:08:13 -0500

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you are running IOS you can monitor by interface or by VLAN.  On
the interface the IDS is plugged into execute this command, "port
monitor ?" too see the available options.  From my experience you can
select multiple interfaces to monitor if they are on the same VLAN,
but in this case I would just monitor by VLAN.  For the most part a
Cisco 2900 running IOS has very limited monitoring capabilities as
the 'monitor to' interface and 'monitor from' interface have to be on
the same VLAN.  If your setup is a single VLAN setup you should have
very little problems setting it up.



Good Luck, 
Brandon







Fingerprint: 
AB56 1637 13F5 9FF8 2F0B  7147 F20D 21CB 5728 FEAE 

  -----Original Message-----
  From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Carlton
L. Whitmore
  Sent: Wednesday, July 14, 2004 4:31 PM
  To: snort-users () lists sourceforge net
  Subject: [Snort-users] Pass data thru Cisco Switch?


  I want to setup Snort inside my network, but I know if I do my
Cisco Catalyst 2900 switches won't pass the data I need. How do I
configure the Cisco switches to pass the data thru to the IDS system?
  thanks,
  Carlton.


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQPbyPfINIctXKP6uEQIR4ACdHx8nkSbpSzDAVrbIfeOtHZEiyw8AnR7B
ENkQkGCqGtCTsL9VOOC5XcA3
=EGdD
-----END PGP SIGNATURE-----

Attachment: PGPexch.htm.pgp
Description:

Current thread:

Pass data thru Cisco Switch? Carlton L. Whitmore (Jul 14)
- Re: Pass data thru Cisco Switch? twig les (Jul 14)
- RE: Pass data thru Cisco Switch? dbs (Jul 15)
  - Re: Pass data thru Cisco Switch? Jason (Jul 15)
- <Possible follow-ups>
- RE: Pass data thru Cisco Switch? Mitchell, Jason (Jul 15)