[Snort-users] Snort & Cisco Catalyst ISL

Dave Cundiff dave.cundiff at ...5198...
Mon Mar 4 05:51:04 EST 2002

I'm looking at setting up Snort for my network here but have a quick
question that I can't seem to answer from any of the documentation. I'm
going to be using a hardware sniffer to copy the ISL trunk going between my
main switch and my router to a Snort box. This should allow Snort to sniff
all traffic on my network. However, since it's an ISL trunk, all the packets
will have an additional header on them containing what VLAN the packet is

So my question is can or is there some way that Snort can ignore that first
header? Or will it just not be able to make any sense out of the packet?

Dave Cundiff
Systems Administrator
World Wide Net, Inc.
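
The extra header described in the message above, shown as an added example (not part of the original post and not Snort's own code): a sketch that locates the 26-byte ISL header in front of an Ethernet frame, reads the VLAN ID from it, and returns the encapsulated frame. The field offsets follow Cisco's published ISL frame format; the function names and the sample frame are constructed for illustration.

```python
import struct

# ISL header layout (26 bytes), per Cisco's published frame format:
# DA(5) TYPE/USER(1) SA(6) LEN(2) SNAP AAAA03(3) HSA(3) VLAN+BPDU(2) INDEX(2) RES(2)
ISL_HDR_LEN = 26
ISL_DA = (bytes.fromhex("01000c0000"), bytes.fromhex("03000c0000"))
ISL_SNAP = b"\xaa\xaa\x03"
LEN_EXCLUDED = 14  # DA, TYPE/USER, SA and LEN itself are not counted by LEN


def strip_isl(frame: bytes):
    """Return (vlan_id, inner_frame); (None, frame) if the frame is not ISL."""
    if len(frame) < ISL_HDR_LEN or frame[:5] not in ISL_DA:
        return None, frame
    if frame[14:17] != ISL_SNAP or frame[5] >> 4 != 0:  # TYPE 0 = Ethernet
        return None, frame
    (isl_len,) = struct.unpack_from("!H", frame, 12)
    (vlan_bpdu,) = struct.unpack_from("!H", frame, 20)
    # LEN bounds the payload, so a trailing ISL FCS (present or already
    # stripped by the capture device) never leaks into the inner frame.
    end = LEN_EXCLUDED + isl_len
    if end <= ISL_HDR_LEN or end > len(frame):
        raise ValueError("ISL LEN field inconsistent with captured length")
    # Upper 15 bits are the VLAN ID, lowest bit is the BPDU flag.
    return vlan_bpdu >> 1, frame[ISL_HDR_LEN:end]


def build_sample(vlan_id: int, inner: bytes) -> bytes:
    """Constructed ISL frame for the demo (addresses and FCS are dummy values)."""
    hdr = ISL_DA[0] + b"\x00" + bytes.fromhex("00aabbccddee")
    hdr += struct.pack("!H", len(inner) + ISL_HDR_LEN - LEN_EXCLUDED)
    hdr += ISL_SNAP + bytes.fromhex("00000c")
    hdr += struct.pack("!HHH", vlan_id << 1, 0, 0)
    return hdr + inner + b"\x00" * 4  # trailing ISL FCS (not computed here)


# Constructed inner Ethernet frame: dst, src, EtherType 0x0800, padding, dummy CRC.
INNER = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 50

if __name__ == "__main__":
    vlan, eth = strip_isl(build_sample(42, INNER))
    print("VLAN", vlan, "EtherType", eth[12:14].hex(), "inner length", len(eth))
```

The returned inner frame still carries its original Ethernet CRC as its last four bytes, since ISL encapsulates the frame unmodified.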
