[Snort-users] Spanning port

Wayne T Work securitygauntlet at ...3130...
Sat Sep 21 07:40:02 EDT 2002


Spanning ports, mirroring ports, whatever the particular company want to
call it. The concept is straight forward. Switches ports are separate
segments across the switch. So, port one can not see, interfere or directly
traverse. Unlike a hub where all ports are a LIKE and collisions occur. To
see all the traffic across all the computers placed in a switch, one must
create a port which acts as a hub. This allows visibility across the entire
switch. I know the 2900 Cisco allows for this. One should also not that the
port used for spanning is generally a "Listen Only" port. General traffic
theory (In and Out) does not apply. So don't try to get to the IDS box's NIC
card on the spanning port. One must use a standard port for visibility to
the IDS box.

Hope this helps.

Wayne

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of jai
Sent: Saturday, September 21, 2002 1:34 AM
To: quentyn at ...3871...
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Spanning port


Hi,

Thanx for reply...

I got CISCO 2900 catalyst switch...

Basically i am new to snort or IDS...and i have gone through FAQs..there i
found out spanning port concept...
Now i want to know how it will help me

jai


----- Original Message -----
From: <quentyn at ...3871...>
To: jai <jai.s at ...6716...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Friday, September 20, 2002 8:10 PM
Subject: Re: [Snort-users] Spanning port


> > jai wrote:
> >
> > Hi,
> >
> > I have cisco switch ..how should i make a one of the port to spanning
> > port..
> >
> > jai
>
>
> you need to tell us the model of the switch...
>
> details are for whimps ;o)
>
> hint go to cisco's website and type in "<your model number> span" or
> "<your model number> mirror" in the search box.
>
> if you post the model here then the replies can go into the archive
>
> Q
>
> --
> #####################
> Quentyn Taylor
> Sysadmin - Fotango
> #####################
> Don't use a big word where a diminutive one will suffice.
>    Paul Tomblin
>



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list