Mailing List Archive

On Sat, 29 Nov 2003, Jonathan Nichols wrote:

> Can I enable "port mirroring" on a ServerIron XL? I have a host that's
> acting up and I'd like to mirror all of its traffic to another port so
> Snort can listen to it.


I've never tried it, but the manuals seem to indicate that you can.

Use the "mirror-port" command to define a mirror port, and
the "monitor on" command within the interface definition to specify
the port to be mirrored.

See http://www.foundrynet.com/services/documentation/siCLI/ServerIron_CLI_global_CONFIG.html#31529

Bruce.

>
> Thanks! :)
>
> -Jonathan
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>

--
Bruce Rodger |Bruce.Rodger@strath.ac.uk PGP key available
Network Manager, IT Services |http://www.strath.ac.uk/IT/People/bruce.html
The University of Strathclyde | +44 (0)141 548 3300
Glasgow G4 0LN, Scotland. | Fax 553 4100

Look for the monitor and mirror commands, which in some versions of code
are at the interface level of the config, and in others are at the main
level.

-----Original Message-----
From: Jonathan Nichols [mailto:jnichols@pbp.net]
Sent: Saturday, November 29, 2003 9:46 PM
To: foundry-nsp@puck.nether.net
Subject: [f-nsp] Mirroring port - ServerIron XL

Greetings!
I've checked Google and this list's archives but haven't seen
this come
up. Foundry won't even give me the time of day unless I have a service
contract... and my question is (I think) simple.

Can I enable "port mirroring" on a ServerIron XL? I have a host that's
acting up and I'd like to mirror all of its traffic to another port so
Snort can listen to it.

Thanks! :)

-Jonathan

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp