[Snort-users] Snort in a switched environment

Scott McGee scottmcgee at ...4723...
Tue May 14 11:39:03 EDT 2002


Hi Bastian,

To monitor ports on a Cisco switch, use:

!
interface FastEthernet0/1
! description Snort nIDS port
 port monitor FastEthernet0/2
 port monitor FastEthernet0/3
 port monitor VLAN1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!

This would mirror FastEthernet 2, FastEthernet 3 and the VLAN1 to
FastEthernet 0/1.

See: http://www.cisco.com/warp/public/473/41.html

Scott
scottmcgee at ...4723...


----- Original Message -----
From: "Bastian Ballmann" <ballmann at ...3190...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, May 14, 2002 8:19 AM
Subject: [Snort-users] Snort in a switched environment


: Hello!
: Is it possible to run Snort in a switched environment? Cause Snort can
only
: sniff the traffic of the host he is running on. Unless he is doing
something
: like ARP poisoning or something like this...
: But I think this would lead into trouble if you run the arpspoof
preprocessor
: ;)
: Greets
:
: Bastian Ballmann
: --
: Bastian Ballmann [ ballmann at ...3190... ]
: @ Computational Design GmbH
: [ http://www.co-de.de ]
:
: _______________________________________________________________
:
: Have big pipes? SourceForge.net is looking for download mirrors. We
supply
: the hardware. You get the recognition. Email Us:
bandwidth at ...382...
: _______________________________________________
: Snort-users mailing list
: Snort-users at lists.sourceforge.net
: Go to this URL to change user options or unsubscribe:
: https://lists.sourceforge.net/lists/listinfo/snort-users
: Snort-users list archive:
: http://www.geocrawler.com/redir-sf.php3?list=snort-users






More information about the Snort-users mailing list