[nsp] 6509 & Snort
Dan Oliver
olivds at go-concepts.com
Wed Feb 25 08:43:51 EST 2004
Yes. It can forward traffic by port or vlan. The commands are a little
different though depending on whether you are running Native IOS or
Hybrid.
In Native IOS it is something like this assuming Fast 5/1 is the port
you want to watch (it is the port connected to your other router) and
Fast 4/5 is your Snort box:
monitor session 1 source interface Fa5/1
monitor session 1 destination interface Fa4/5
There are several other variations of this command.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconf
ig/span.htm
Thanks,
D.O.
Dan Oliver, CCNA
GO Concepts, Inc.
513-934-2800 / 888-ON-GO-YET
http://www.go-concepts.com/
On GO yet?
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Rieman, Jeff
Sent: Wednesday, February 25, 2004 8:34 AM
To: cisco-nsp at puck.nether.net
Subject: [nsp] 6509 & Snort
I am experiencing with snort and a 6509. The documentation shows where
the snort server should sit between 2 routers to capture all the traffic
that passes between them. I would like to capture all the traffic that
goes through the 6509. Is there a way to put a 10/100 port in a mode
where it forwards all the packets to that port also?
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list