[Snort-users] Linux and switch problem???

Daniel Curry dcurry at ...5551...
Fri Jul 19 11:15:07 EDT 2002


  I have found out that we are using version 4 IOS
on the extreme.

twig les wrote:
> 
> K, I don't know Extreme, but check this out before
> migrating to the 2912:
> 
> http://www.cisco.com/warp/public/473/41.html#archXL
> 
> As for the snort box doing any voodoo, I don't buy it.
>  If there's a problem then it's on the switch and
> simply putting the switch config back to pre-slowdown
> config and seeing if the problem goes away should do
> it.
> 
> --- Daniel Curry <dcurry at ...5551...> wrote:
> > Twig,
> >   Thank you for your help. Here are teh answers
> > to your questions?
> >
> >
> > twig les wrote:
> > >
> > > What kind of switch?
> >  Extreme summit 48
> >  We will be installing onto a Cisco 2912.
> > > What did you change in the sewitch config for this
> > project?
> > Mirror port
> >
> > > What else is the Linux box doing?
> > Just running snort.
> >
> > > Simply putting an interface into
> > > promiscious mode can't affect a switch.  If you've
> > > spanned a Cisco 29xx or 35xx, then you may be in
> > > trouble, but make sure you aren't being
> > scapegoated.
> > > That's happened to me before ("Your sniffer is
> > slowing
> > > the network down!!" <huh?>)
> > >
> > > --- Daniel Curry <dcurry at ...5551...> wrote:
> > > >
> > > >      I have configure my eth1 as following.
> > > > eth1      Link encap:Ethernet  HWaddr
> > > > 00:50:8B:E3:99:7C
> > > >           UP BROADCAST RUNNING PROMISC MULTICAST
> > > > MTU:1500  Metric:1
> > > >           RX packets:0 errors:0 dropped:0
> > overruns:0
> > > > frame:0
> > > >           TX packets:0 errors:0 dropped:0
> > overruns:0
> > > > carrier:0
> > > >           collisions:0 txqueuelen:100
> > > >           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
> > > >           Interrupt:11 Base address:0xc000
> > > >
> > > >
> > > > However I am getting reports from our network
> > folks
> > > > that "this is
> > > > bringing the switch down?"
> > > >
> > > >
> > > >   My ifcg-eth1 file looks like this.
> > > > DEVICE=eth1
> > > > BOOTPROTO=static
> > > > ONBOOT=yes
> > > >
> > > >  Is there anything wrong with my configuration?
> > > >
> > > > Please reply directly. I received snort email
> > via
> > > > "digest" mode.
> > > >
> > > > Thank you.
> > > > --
> > > > Daniel Curry
> > > > PGP AD5A 96DC 7556 A020 B8E7  0E4D 5D5E 9BA5
> > C83E
> > > 8C92> begin:vcard
> > > > n:Curry;Daniel
> > > > tel;fax:650-232-3200
> > > > tel;work:650-232-4006
> > > > x-mozilla-html:FALSE
> > > > url:www.corio.com
> > > > org:Corio Inc
> > > > adr:;;959 Skyway Road  Suite 100;San
> > > > Carlos;California;94070;USA
> > > > version:2.1
> > > > email;internet:dcurry at ...5551...
> > > > title:Sr. Information Security Eng.
> > > > x-mozilla-cpt:;-5312
> > > > fn:Daniel Curry
> > > > end:vcard
> > > >
> > >
> > > =====
> > >
> >
> -----------------------------------------------------------
> > > All warfare is based on deception.
> > >
> >
> -----------------------------------------------------------
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Yahoo! Autos - Get free new car price quotes
> > > http://autos.yahoo.com
> >
> > --
> > Daniel Curry
> > DIRECT 650-232-4006
> > FAX 650-232-3200
> > PGP AD5A 96DC 7556 A020 B8E7  0E4D 5D5E 9BA5 C83E
> 8C92> begin:vcard
> > n:Curry;Daniel
> > tel;fax:650-232-3200
> > tel;work:650-232-4006
> > x-mozilla-html:FALSE
> > url:www.corio.com
> > org:Corio Inc
> > adr:;;959 Skyway Road  Suite 100;San
> > Carlos;California;94070;USA
> > version:2.1
> > email;internet:dcurry at ...5551...
> > title:Sr. Information Security Eng.
> > x-mozilla-cpt:;-5312
> > fn:Daniel Curry
> > end:vcard
> >
> 
> =====
> -----------------------------------------------------------
> All warfare is based on deception.
> -----------------------------------------------------------
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Autos - Get free new car price quotes
> http://autos.yahoo.com

-- 
Daniel Curry
DIRECT 650-232-4006
FAX 650-232-3200
PGP AD5A 96DC 7556 A020 B8E7  0E4D 5D5E 9BA5 C83E 8C92
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dcurry.vcf
Type: text/x-vcard
Size: 317 bytes
Desc: Card for Daniel Curry
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020719/a4ae7654/attachment.vcf>


More information about the Snort-users mailing list