[Snort-users] Can snort analyze traffic from RSPAN port?

Mike Hale eyeronic.design at ...11827...
Thu Sep 12 11:45:55 EDT 2013


The Security Onion distro definitely can. That's how I'm feeding it
traffic. There might be a VLAN detagging script in there.
On Sep 12, 2013 8:17 AM, "Russ Combs" <rcombs at ...1935...> wrote:

> It just might, but it depends on what other encapsulations are present.
>
> It would be helpful if you could try it out and let us know your results.
> If it doesn't work, some pcaps would also help.
>
> Thanks
> Russ
>
>
>
> On Thu, Sep 12, 2013 at 8:17 AM, Diana Patricia Chila Murcia <
> dpchilam at ...11827...> wrote:
>
>> Hi,
>>
>> We are designing the way we will send traffic to Snort's sensors. We are
>> looking at the option of configuring an RSPAN on our switch, but we would like to
>> know if Snort can analyze traffic from RSPAN. Can you help me with this
>> doubt?
>>
>> Thanks a lot!
>>
>> Best regards
>>
>>
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>