Re: Ethernet Tap

["Bill Parker" <dogbert () netnevada net>]

----- Original Message ----- 
From: <TKaroutsos () bcsc bc ca>
To: "Matt Kettler" <mkettler () evi-inc com>
Cc: "STEVE MAKOUSKY" <SMAKOUS1 () FAIRVIEW ORG>;
<snort-users () lists sourceforge net>
Sent: Friday, August 13, 2004 3:03 PM
Subject: Re: [Snort-users] Ethernet Tap


> Thanks. Any idea on how many ports can be spanned to a single port on the
> Cisco switch? Could not find this info at Cisco's site.

A good way to do this is to make all the ports you want to monitor into a
VLAN (or multiple
VLAN's if you are trunking and doing InterVLAN routing), then you can set
the monitor port
to watch traffic on various vlans.  I do this at work so I can monitor any #
of VLAN's that
I need to (and saves me from having to type the number of ports I want to
mirror).  Just
make sure that the NIC you are using to connect to the monitor port is in
PROMISC mode
and preferably doesn't have an IP address assigned to it (makes sure that
you only see
valid traffic on your LAN).

Bill



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users