|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Snort-users] Pass data thru Cisco Switch?
From: Jason (security
brvenik.com)
Date: Thu Jul 15 2004 - 17:08:20 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
dbs wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> If you are running IOS you can monitor by interface or by VLAN. On
> the interface the IDS is plugged into execute this command, "port
> monitor ?" too see the available options. From my experience you can
> select multiple interfaces to monitor if they are on the same VLAN,
> but in this case I would just monitor by VLAN. For the most part a
> Cisco 2900 running IOS has very limited monitoring capabilities as
> the 'monitor to' interface and 'monitor from' interface have to be on
> the same VLAN.
Hmmmm, I differ...
the-switch>sho ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(9)EA1, RELEASE
SOFTWARE )
[...]
the-switch>sho span
VLAN0003
[...]
Interface Port ID Designated
Port ID
Name Prio.Nbr Cost Sts Cost Bridge ID
Prio.Nbr
---------------- -------- --------- --- --------- --------------------
--------
Fa0/3 128.3 19 FWD 0 32771 000a.8ab5.9500 128.3
Fa0/4 128.4 19 FWD 0 32771 000a.8ab5.9500 128.4
[...]
VLAN0192
[...]
Interface Port ID Designated
Port ID
Name Prio.Nbr Cost Sts Cost Bridge ID
Prio.Nbr
---------------- -------- --------- --- --------- --------------------
--------
Fa0/17 128.17 19 FWD 0 32960 000a.8ab5.9500
128.17
Fa0/18 128.18 19 FWD 0 32960 000a.8ab5.9500
128.18
[...]
the-switch>sho monitor
Session 1
---------
Source Ports:
RX Only: None
TX Only: None
Both: Fa0/3-22
Destination Ports: Fa0/24
[...]
the-switch#wri t
[...]
monitor session 1 source interface Fa0/3 - 22
monitor session 1 destination interface Fa0/24
[...]
If your setup is a single VLAN setup you should have
> very little problems setting it up.
>
>
>
> Good Luck,
> Brandon
>
>
>
>
>
>
>
> Fingerprint:
> AB56 1637 13F5 9FF8 2F0B 7147 F20D 21CB 5728 FEAE
>
> -----Original Message-----
> From: snort-users-adminlists.sourceforge.net
> [mailto:snort-users-adminlists.sourceforge.net]On Behalf Of Carlton
> L. Whitmore
> Sent: Wednesday, July 14, 2004 4:31 PM
> To: snort-userslists.sourceforge.net
> Subject: [Snort-users] Pass data thru Cisco Switch?
>
>
> I want to setup Snort inside my network, but I know if I do my
> Cisco Catalyst 2900 switches won't pass the data I need. How do I
> configure the Cisco switches to pass the data thru to the IDS system?
> thanks,
> Carlton.
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
>
> iQA/AwUBQPbyPfINIctXKP6uEQIR4ACdHx8nkSbpSzDAVrbIfeOtHZEiyw8AnR7B
> ENkQkGCqGtCTsL9VOOC5XcA3
> =EGdD
> -----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]