Hi, I'm looking for a little help. I am attempting to install a snort box on my network, and want to copy traffic from the rest of the switch to the snort box (this is not a final configuration I just want to get it in a testable state using a repurposed old workstation before building a production snort system.) The network goes through a Catalyst 3560 switch. Port 1 goes to a Cisco ASA device, which in turn connects to the net, Port 47 goes to an unmanaged dell switch. Port 5 goes to the snort box. I have tried configuring it through the network assistant, and also using the following through IOS: No monitor session 1 monitor session 1 source interface fastethernet 0/1 monitor session 1 destination interface fastethernet 0/5 encapsulation replicate end Afterward show monitor session 1 shows: Type: Local Session Source Ports: Both: Fa0/1 Destination Ports: Fa0/5 Encapsulation: Replicate Ingress: Disabled I'm running Wireshark (Etheral) on the snort box, eth0 is running in promiscuous mode. When I ping the snort box directly, it shows up in wireshark. When any of the other systems ping each other on the switch, it does not detect it, nor does it detect any other traffic that should be showing up outside of broadcasts and the like. I've also configured the above using the vlan, using multiple ports, using two specific systems I had pinging each other, etc. No luck. Any advice on what portion of the above is misconfigured? Or how best to accomplish this?
- posted
17 years ago