Snort mailing list archives
Re: Pass data thru Cisco Switch?
From: Jason <security () brvenik com>
Date: Thu, 15 Jul 2004 18:08:20 -0400
dbs wrote:
> If you are running IOS you can monitor by interface or by VLAN. On the
> interface the IDS is plugged into execute this command, "port monitor ?"
> to see the available options. From my experience you can select multiple
> interfaces to monitor if they are on the same VLAN, but in this case I
> would just monitor by VLAN. For the most part a Cisco 2900 running IOS has
> very limited monitoring capabilities as the 'monitor to' interface and
> 'monitor from' interface have to be on the same VLAN.

Hmmmm, I differ...

the-switch>sho ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(9)EA1, RELEASE SOFTWARE )
[...]

the-switch>sho span
VLAN0003
[...]
Interface        Port ID                     Designated                Port ID
Name             Prio.Nbr      Cost Sts      Cost Bridge ID            Prio.Nbr
---------------- -------- --------- --- --------- -------------------- --------
Fa0/3            128.3           19 FWD         0 32771 000a.8ab5.9500 128.3
Fa0/4            128.4           19 FWD         0 32771 000a.8ab5.9500 128.4
[...]
VLAN0192
[...]
Interface        Port ID                     Designated                Port ID
Name             Prio.Nbr      Cost Sts      Cost Bridge ID            Prio.Nbr
---------------- -------- --------- --- --------- -------------------- --------
Fa0/17           128.17          19 FWD         0 32960 000a.8ab5.9500 128.17
Fa0/18           128.18          19 FWD         0 32960 000a.8ab5.9500 128.18
[...]

the-switch>sho monitor
Session 1
---------
Source Ports:
    RX Only:       None
    TX Only:       None
    Both:          Fa0/3-22
Destination Ports: Fa0/24
[...]

the-switch#wri t
[...]
monitor session 1 source interface Fa0/3 - 22
monitor session 1 destination interface Fa0/24
[...]

> If your setup is a single VLAN setup you should have
> very little problems setting it up.
>
> Good Luck,
> Brandon
>
> Fingerprint: AB56 1637 13F5 9FF8 2F0B 7147 F20D 21CB 5728 FEAE
>
> -----Original Message-----
> From: snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Carlton L. Whitmore
> Sent: Wednesday, July 14, 2004 4:31 PM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Pass data thru Cisco Switch?
>
> I want to setup Snort inside my network, but I know if I do my Cisco
> Catalyst 2900 switches won't pass the data I need. How do I configure the
> Cisco switches to pass the data thru to the IDS system?
>
> thanks,
> Carlton.
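An added example, not part of the original thread: a small audit that parses `show monitor` output in the format quoted above and reports, per VLAN, any ports the SPAN session does not mirror to the IDS port. The function names and the `VLAN_PORTS` table are assumptions made for illustration; the sample inputs are constructed from the ports visible in the quoted output.

```python
import re

# Constructed sample, modelled on the `sho monitor` output quoted in the message.
SHOW_MONITOR = """\
Session 1
---------
Source Ports:
    RX Only:       None
    TX Only:       None
    Both:          Fa0/3-22
Destination Ports: Fa0/24
"""
# Constructed VLAN membership: only the ports visible in the quoted `sho span` output.
VLAN_PORTS = {3: ["Fa0/3", "Fa0/4"], 192: ["Fa0/17", "Fa0/18"]}

def expand_ports(spec):
    """Expand an IOS port list such as 'Fa0/3-22,Fa0/24' into single port names."""
    ports = []
    for item in spec.split(","):
        item = item.strip()
        if not item or item.lower() == "none":
            continue
        m = re.fullmatch(r"([A-Za-z]+\d+/)(\d+)(?:\s*-\s*(\d+))?", item)
        if not m:
            raise ValueError(f"unrecognised port spec: {item!r}")
        first, last = int(m.group(2)), int(m.group(3) or m.group(2))
        ports.extend(f"{m.group(1)}{n}" for n in range(first, last + 1))
    return ports

def parse_show_monitor(text):
    """Return (source_ports, destination_ports) for a single-session dump."""
    sources, dests = set(), set()
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        if key in ("RX Only", "TX Only", "Both"):
            sources.update(expand_ports(value))
        elif key == "Destination Ports":
            dests.update(expand_ports(value))
    return sources, dests

def span_coverage(monitor_text, vlan_ports):
    """List unmirrored ports per VLAN and any port that is both source and destination."""
    sources, dests = parse_show_monitor(monitor_text)
    missing = {vlan: sorted(set(p) - sources) for vlan, p in vlan_ports.items()}
    return {"missing": missing, "dest_is_source": sorted(sources & dests)}
```

An empty list for every VLAN means the IDS port receives traffic from all listed ports; a non-empty list names the ports the sensor is blind to.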