Snort mailing list archives
Re: Snort on span port
From: "Michael J. Pelletier" <mjpelletier () mjpelletier com>
Date: Thu, 12 Aug 2004 21:35:59 -0700
Hey man don't be dis'ing my net engineers!
J/K.
Ok, so if I remember correctly, root-bridges are like only for vlan trunking
protocol and elections and what-not of switches that will act as root bridges. Root Bridges are used for SPANNING TREE!. You can run VLAN trunks with SPANNING TREE. With SPANNING TREE each bridge will calulate it's distance from the root bridge to itself. This cost is used to determine the shortest past cost to the root bridge. Although ROOT BRIDGES are used with SPANNING TREE and VLANS can use SPANNING TREE ther are not the same.
All they do is keep track of vlans.
Not true. Root bridges help determine path cost between bridges.
Not sure what this has to do with port spanning/monitoring. Your engineers
should be spannig at the physical layer and not the vlan layer. Actually you can do both if your IDS understands VLAN trunking.
They should be spanning the physical ports that the vlans are trunked on and
connected to each other. Nevermind the gibberish about Cisco switches not keeping up with spanning...hogwash! Dude, Sorry but the Cisco 5500 series is known for this. Newer, ie 6500, etc are much, much better. Ask any Cisco engineer or someone, like me, that has used them for years. In private the Cisco Engineer will tell you.
You assign vlans and trucks to ports, all the engineers need to worry about
are physically spannning those ports to your ports.
IOW, let's say my trunk port is port one on one of the switches. The port is
either part of the backbone or at least connects to the other switches. Now let's say your IDS is connected to port two. All the engineer has to do is get on the switch, go to port 2 and type in "port monitor fa0/1" Then you'd be set! Cheese! Marc /*******************************************/ UNIX is a very friendly OS. It is just picky about who it makes friends with. /*******************************************/ Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort on span port Ilango S Allikuzhi (Aug 09)
- Re: Snort on span port Charles Heselton (Aug 11)
- <Possible follow-ups>
- Re: Snort on span port Michael J. Pelletier (Aug 11)
- Re: Snort on span port TKaroutsos (Aug 11)
- Re: Snort on span port Michael J. Pelletier (Aug 11)
- Re: Snort on span port Rich Adamson (Aug 11)
- Re: Snort on span port Michael J. Pelletier (Aug 11)
- Re: Snort on span port SN ORT (Aug 12)
- Re: Snort on span port Michael J. Pelletier (Aug 12)
- Fwd: Snort on span port Charles Heselton (Aug 14)
- Re:Snort on span port SN ORT (Aug 16)
- RE: Snort on span port Douglas McCrea (Aug 17)