[Snort-users] Configuring Cisco switches...

Erek Adams erek at ...577...
Fri Sep 21 07:16:02 EDT 2001

On Fri, 21 Sep 2001, Bryan Childs wrote:

> Hi everyone - this question has probably been done to death, but my google
> searching for answers has amounted to nought - so I'm going to have to ask
> it again I'm afraid!

It's Ok, we'll just give you lashes with a wet noodle.  ;-)

> The network here in my building is of course suffering from the recent Nimda
> virus/worm breakout, and we're trying to track infected boxes with snort.
> The entire network here is running on switched ethernet, which is giving us
> a bit of a headache. Most of the switches are dumb 3Com supplied ones, but
> we've been sensible enough (we think) to plug out snort box into the Cisco
> one which sits at the top of the network.
> The trouble is that we *still* don't seem to be able to monitor attacks
> which don't directly go for the snort box itself.
> The card is set up in promiscuous mode as it should be - but we think we
> need to do something to the switch to make sure it sees ALL our internal
> network traffic.
> Does anyone know what we might have missed? Or have any suggestions at all?



Now, your Cisco _should_ be able to do that.  If you don't know talk with your
local netoworking geek.  Bribe him with some wire ties or something...

> Cheers amigos......

Oh, you're bringing the beer?  Great!  Bring some Shinerbock.  :)

Erek Adams

More information about the Snort-users mailing list