Simon336697
asked on
Using Ethereal or Snort on a Switched Network
Hi Guys!
Hope you can help.
Id like to set up snort on our switched network at work but I believe Im only getting packets coming to/from my machine when I set it up on my pc plus broadcast and multicast packets.
Ive read that if you have switches that support port mirroring (or as Cisco calls it, SPAN), that this is possible.
If I plugged my pc into a port that was set up for port mirroring (SPAN),
1) do all of our switches have to support port mirroring?
2) where would be the best place (we have heaps of switches) to configure this port mirroring and how would i add all ports from all switches to replicate traffic to this port so I could then sniff the wire?
3) how would you set up sniffing with snort to trap all packets from different subnets?
I know this is a lot...any help appreciated.
Thank you.
Simon
Hope you can help.
Id like to set up snort on our switched network at work but I believe Im only getting packets coming to/from my machine when I set it up on my pc plus broadcast and multicast packets.
Ive read that if you have switches that support port mirroring (or as Cisco calls it, SPAN), that this is possible.
If I plugged my pc into a port that was set up for port mirroring (SPAN),
1) do all of our switches have to support port mirroring?
2) where would be the best place (we have heaps of switches) to configure this port mirroring and how would i add all ports from all switches to replicate traffic to this port so I could then sniff the wire?
3) how would you set up sniffing with snort to trap all packets from different subnets?
I know this is a lot...any help appreciated.
Thank you.
Simon
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.