[Snort-users] SPAN port packet related

Ahmad Masood Shah jahil at ...9835...
Thu Aug 14 03:44:04 EDT 2003


Ohh, then what is the problem here with my setup? I have attached my border
router to switch 0/11. My border router traffic is around 500 Kbps in and
600 Kbps out. I'm using a Catalyst 3500 to mirror traffic for port 0/11 to
SPAN 0/10.
But it's very strange to me: IDS system traffic is not exceeding more than
40 Kbps or 70 Kbps. So if my border router traffic is more than 500 K then my
IDS system traffic must be 500 K or more than that. Logging is working
properly on the IDS for the border router. I mean to say I can see traffic is
coming @ my IDS system via 0/11 port.

What could be wrong?

-- 

Best Regs,
Masood Ahmad Shah
System Administrator

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
|   * * * * * * * * * * * * * * * * * * * * * * * *
|   Fibre Net (Pvt) Ltd. Lahore, Pakistan
|   Tel: +92-42-6677024
|   Mobile: +92-300-4277367
|   http://www.fibre.net.pk
|   * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

----- Original Message ----- 
From: "Faiz Ahmad Shuja" <faizshuja at ...5849...>
To: "'Ahmad Masood Shah'" <jahil at ...9835...>;
<snort-users at lists.sourceforge.net>
Sent: Thursday, August 14, 2003 2:53 AM
Subject: RE: [Snort-users] SPAN port packet related


| A copy of all the traffic on port 0/11 and 0/12 will be sent on port
| 0/10 by switch. It will send "everything" coming on these ports.
|
| Regards,
| Faiz
|
|
| -----Original Message-----
| From: snort-users-admin at lists.sourceforge.net
| [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Ahmad
| Masood Shah
| Sent: Wednesday, August 13, 2003 12:48 PM
| To: snort-users at lists.sourceforge.net
| Subject: [Snort-users] SPAN port packet related
|
|
| 0/12. SPAN port
| is 0/10. My 0/11 port data is up to 1 Mbps. My question is: when the
| switch sends packet information to my IDS via the SPAN port, will it
| redirect all traffic or will it send a simple packet header to the IDS sensor?
|
| -- 
|
| Best Regs,
| Masood Ahmad Shah
|
|
|




