[Snort-users] How To Mirror/Monitor T1 and VPN Traffic w/Cisco Routers?
mkettler at ...4108...
Mon Oct 4 11:31:15 EDT 2004
At 11:09 AM 10/4/2004, McCash, John wrote:
> Is there a way to have a router span or mirror traffic to
>another interface the same way that a switch can? Or can it somehow
>directly copy the datastream to somewhere else on the LAN?
AFAIK the cisco IOS routers do not have any ability to do this.
Unlike a switch, where copying a packet to multiple ports is a matter of
normal behavior, a router doesn't have the hardware to support this
multi-copy behavior. It's also much easier to do mulit-destination when all
your ports are the same kind of hardware and don't require different
If your model does support it, it will likely be configured with the same
span commands as in their switches (monitor session). It may also be
restricted to doing this between like types of interfaces. I'd be highly
surprised (and impressed) if cisco IOS supported mirroring traffic from a
T1 to an ethernet card.
More information about the Snort-users