[Snort-users] Snort in a switched environment
Nathan.Spitzer at ...5841...
Tue May 14 11:50:02 EDT 2002
Be careful, that is only for certain low-end switches. For my 2948G's,
4000, 5000, and 6000 it's set span as per your link.
From: Scott McGee [mailto:scottmcgee at ...4723...]
Sent: Tuesday, May 14, 2002 2:41 PM
To: Bastian Ballmann
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort in a switched environment
To monitor ports on a Cisco switch, use:
! description Snort nIDS port
port monitor FastEthernet0/2
port monitor FastEthernet0/3
port monitor VLAN1
This would mirror FastEthernet 2, FastEthernet 3 and the VLAN1 to
scottmcgee at ...4723...
----- Original Message -----
From: "Bastian Ballmann" <ballmann at ...3190...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, May 14, 2002 8:19 AM
Subject: [Snort-users] Snort in a switched environment
: Is it possible to run Snort in a switched environment? Cause Snort can
: sniff the traffic of the host he is running on. Unless he is doing
: like ARP poisoning or something like this...
: But I think this would lead into trouble if you run the arpspoof
: Bastian Ballmann
: Bastian Ballmann [ ballmann at ...3190... ]
: @ Computational Design GmbH
: [ http://www.co-de.de ]
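Added example (not part of the original thread, and not code from any of the posters): a sensor-side check that the port mirroring discussed above is actually delivering other hosts' traffic to the Snort interface. It classifies `tcpdump -e -n` output lines by MAC address; the sensor MAC, the sample capture lines and the 20% threshold are constructed assumptions.

```python
import re

# Matches the link-level header tcpdump prints with -e: "<time> <src> > <dst>, ..."
MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
FRAME = re.compile(rf"^\S+ {MAC} > {MAC},", re.I)

def is_group(mac):
    # Broadcast and multicast addresses have the low bit of the first octet set.
    return int(mac[:2], 16) & 1 == 1

def classify(lines, sensor_mac):
    """Count frames the sensor would see anyway vs. frames only a mirror delivers."""
    sensor = sensor_mac.lower()
    counts = {"own": 0, "group": 0, "foreign": 0}
    for line in lines:
        m = FRAME.match(line.strip())
        if not m:
            continue  # not a frame line (continuation, summary, blank)
        src, dst = m.group(1).lower(), m.group(2).lower()
        if is_group(dst):
            counts["group"] += 1      # flooded to every port, mirrored or not
        elif sensor in (src, dst):
            counts["own"] += 1        # the sensor's own conversations
        else:
            counts["foreign"] += 1    # unicast between other hosts
    return counts

def mirror_working(counts, min_share=0.2):
    # Assumed threshold: a switch may flood a few unknown-unicast frames,
    # so require a real share of foreign unicast, not just a nonzero count.
    total = sum(counts.values())
    return total > 0 and counts["foreign"] / total >= min_share

SENSOR = "00:50:56:00:00:10"  # constructed sensor MAC
# Constructed capture from an unmirrored switch port.
UNMIRRORED = [
    "10:00:00.000001 00:50:56:00:00:21 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1",
    "10:00:00.000002 00:50:56:00:00:10 > 00:50:56:00:00:01, ethertype IPv4 (0x0800), length 74: 192.0.2.10.40000 > 192.0.2.1.22",
    "10:00:00.000003 00:50:56:00:00:01 > 00:50:56:00:00:10, ethertype IPv4 (0x0800), length 74: 192.0.2.1.22 > 192.0.2.10.40000",
    "10:00:00.000004 00:50:56:00:00:22 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 87: 192.0.2.22.5353 > 224.0.0.251.5353",
]
# Constructed capture from a port that receives mirrored traffic.
MIRRORED = UNMIRRORED[:2] + [
    "10:00:01.000001 00:50:56:00:00:21 > 00:50:56:00:00:01, ethertype IPv4 (0x0800), length 74: 192.0.2.21.51000 > 192.0.2.1.80",
    "10:00:01.000002 00:50:56:00:00:01 > 00:50:56:00:00:21, ethertype IPv4 (0x0800), length 74: 192.0.2.1.80 > 192.0.2.21.51000",
    "10:00:01.000003 00:50:56:00:00:22 > 00:50:56:00:00:21, ethertype IPv4 (0x0800), length 98: 192.0.2.22 > 192.0.2.21: ICMP echo request",
]

if __name__ == "__main__":
    for name, cap in (("unmirrored", UNMIRRORED), ("mirrored", MIRRORED)):
        c = classify(cap, SENSOR)
        print(name, c, "mirror OK" if mirror_working(c) else "sensor sees only its own segment")
```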