Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have a SPAN port receiving data from multiple VLANs on a switch. The SPAN port is connected to the sensing interface on a 4250 IDS sensor. I am seeing multiple copies of the same packets when I run snoop on the sensor. I am assuming that what I'm ...
Can anyone give me an idea of the performance hit that would result in running snoop on the sensing interface of a Cisco IDS (4250) at the same time that the sensor is performing intrusion detection. I would like to run some snoop captures but am wor...
I know that a Cisco IDS can inject a TCP RST into a SPAN port in order to kill a connection. My question is: Will this technique work only when you are SPANing switch ports, or will it also work when SPANing VLANs? I was told that this is not possib...
I am having a problem getting my IDS to see any packets coming from the SPAN port on my 2950 switch running IOS 12.0(5.3). Although the span port light is blinking like crazy, and I know 35 Mbits of data are flowing through the monitored ports, all I...
Thanks for the great reply - according to the network architect we are not SPANing ports, we are SPANing VLANs, as outlined in http://www.cisco.com/warp/public/473/41.html#local.The switch is a 6513 with MSFC.Do your recommendations still apply?Rega...
Thanks for the quick reply - I'm aware of the option of using iplogging via packetd but I require more flexibility when capturing data (i.e. boolean operators). Also, I would be capturing to a file. It sounds like this would represent a significant ...
Chat programs are easy to detect and block, unlike P2P protocols. See the folowing links for info:http://www.infosecuritymag.com/2002/aug/cover.shtmlhttp://documents.iss.net/whitepapers/X-Force_P2P.pdfJeff