[Snort-devel] VLAN?

Chris Green cmg at ...402...
Thu Jan 30 05:07:08 EST 2003


"Stewart, Nicholas (ITD)" <NAS at ...1794...> writes:

> If I have two devices physically located close to each other with 4 up links
> and multiple VLANs,
> can I put one sensor device between the two to monitor ports on each device?
> Does the sensor need to be in one of the VLANs, or can a sensor read across
> VLANs?

If you mean tagged vlans...

Snort will decode 1 vlan deep.  We don't currently handle VLANs on top
of VLANs.  If someone has a packet capture of nested VLANs, I would
love a small copy for decoder verification
-- 
Chris Green <cmg at ...402...>
Warning: time of day goes back, taking countermeasures.






More information about the Snort-devel mailing list