[Snort-users] Remotely monitor a switch port...

Chris Calaf ccalaf at ...11291...
Tue Feb 24 10:36:01 EST 2004


If your switches support netflows(cisco)

 

http://www.caida.org/tools/utilities/flowscan/
<http://www.caida.org/tools/utilities/flowscan/> 

 

http://www.splintered.net/sw/flow-tools/
<http://www.splintered.net/sw/flow-tools/> 

 

 

  _____  

From: Ridlon, Michael [mailto:michael.ridlon at ...11261...] 
Sent: Tuesday, February 24, 2004 10:59 AM
To: JP Vossen
Cc: Snort Users List
Subject: Re: [Snort-users] Remotely monitor a switch port...

 

I am currently using MRTG to log the overall throughput of 19 buildings.  I
haven't read anything that describes how MRTG can log protocol information.
Can it?
If not, do you know of a product that can WITHOUT using a mirrored port?
Thanks,
Mike

On Mon, 2004-02-23 at 23:59, JP Vossen wrote: 

> From: "Ridlon, Michael" <michael.ridlon at ...11261...>
> To: snort-users at lists.sourceforge.net
> Date: 23 Feb 2004 15:02:52 -0500
> Subject: [Snort-users] Remotely monitor a switch port...
> 
> I want to gather protocol information so I can graph usage percentages
> for all the protocols going through the port.  Also Percent of traffic
> to local lan vs. to off-site.
> 
> Can this be done with snort?
 
Maybe, but you'd probably be better off using MRTG: The Multi Router Traffic
Grapher.
 
<http://www.google.com/url?sa=U&start=1&q=http://people.ee.ethz.ch/~oetiker/
webtools/mrtg/&e=747>
http://www.google.com/url?sa=U&start=1&q=http://people.ee.ethz.ch/~oetiker/w
ebtools/mrtg/&e=747
 
Later,
JP
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|        <http://www.jpsdomain.org/>
http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?

 




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040224/38151557/attachment.html>


More information about the Snort-users mailing list