[Snort-users] Configuring Cisco switches...

Erek Adams erek at ...577...
Fri Sep 21 07:16:02 EDT 2001


On Fri, 21 Sep 2001, Bryan Childs wrote:

> Hi everyone - this question has probably been done to death, but my google
> searching for answers has amounted to nought - so I'm going to have to ask
> it again I'm afraid!

It's Ok, we'll just give you lashes with a wet noodle.  ;-)

> The network here in my building is of course suffering from the recent Nimda
> virus/worm breakout, and we're trying to track infected boxes with snort.
>
> The entire network here is running on switched ethernet, which is giving us
> a bit of a headache. Most of the switches are dumb 3Com supplied ones, but
> we've been sensible enough (we think) to plug out snort box into the Cisco
> one which sits at the top of the network.
>
> The trouble is that we *still* don't seem to be able to monitor attacks
> which don't directly go for the snort box itself.
>
> The card is set up in promiscuous mode as it should be - but we think we
> need to do something to the switch to make sure it sees ALL our internal
> network traffic.
>
> Does anyone know what we might have missed? Or have any suggestions at all?

Yeppers...

http://snort.sourcefire.com/docs/faq.html#1.8

Now, your Cisco _should_ be able to do that.  If you don't know talk with your
local netoworking geek.  Bribe him with some wire ties or something...

> Cheers amigos......

Oh, you're bringing the beer?  Great!  Bring some Shinerbock.  :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list