|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: about mirroring port
From: Karel Chwistek (karel.chwistek
i.cz)
Date: Thu Mar 20 2003 - 02:28:25 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
SB CH wrote:
>
> hello, all.
>
> I would like to setup ids(like snort) at mirroring port in cisco
> catalyst switch.
> but all of the network traffic is over 100M, and my linux server which
> installs snort is not so good hardware.
>
> So I think that when I setup snort at mirroring port, all traffic
> should via linux server so the network speed would be slow
I don't mean so ... coz mirroring port is used just for traffic analysis
... so it should not slow down speed of your network ...
>
>
> Question.
>
> 1. when I setup the mirroring port,all traffic(for example, port2
> traffic) would transfer like this or just copy the traffic mirroring
> port too?
>
> (1) client --> mirroring port1 --> port 2 (2) client --> port 2
> --> mirroring port (copy too)
it will just copy the traffic to mirroring port too
>
> 2. Is there any problem when I set snort at mirroring port if the
> traffic is so high(over 100~200M)?
it is depending on speed of you machine where you have installed snort
>
>
> 3. do you know any commands to setup mirroring port at catalyst
> 400x(catos based) switch?
Switch(config)# monitor session 1 source interface fa2/3
for monitoring full traffic from/to fasteethernet 2/3 or
Switch(config)# monitor session 1 source interface fa2/3 rx
Switch(config)# monitor session 1 source interface fa2/2 tx
for monitoring traffic comming from interface fa2/3 or outgoing by
interface fa2/2
port where do you want to see this traffic is configured by command
Switch(config)# monitor session 1 destination interface fastethernet 5/48
You must remember that the destignation port is then used only
monitoring not for communication !!
For more informations look at
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_13/config/span.pdf
K.Ch.
-----------------------------------------------------------
ALERT: Exploiting Web Applications- A Step-by-Step Attack Analysis
Learn why 70% of today's successful hacks involve Web Application
attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter
Manipulation.
http://www.spidynamics.com/mktg/webappsecurity71
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]