http://geek00l.blogspot.com/2006/12/3com-3226-enable-port-mirroring...
Sunday, December 17, 2006
feature -> rovingAnalysis -> add|remove|start|stop|summary

3Com uses Roving Analysis as its term for port mirroring; you have to specify a monitor port and an analyzer port. The monitor port is the port you want to monitor, and the analyzer port is the port that receives the mirrored traffic from the monitor port. In my example I monitor port 1, and its network traffic is mirrored to the analyzer port, which is port 25. Once I start monitoring, you can view the summary, which shows where roving analysis is enabled. Now you can just plug your IDS sensor or traffic collector into port 25 of the switch and start your network security monitoring.

Enjoy :]

P/S: I am by no means promoting or selling 3Com products; this is just to help in case someone has the same device, and to serve as my own reference.
Posted by C. S. Lee at 12/17/2006 11:37:00 PM
3 COMMENTS:

Anonymous said...
Hi, thanks for your post. Was wondering if you have had any experience with monitoring the 3com 3226 as you describe but finding large 'holes' in your logging.... we might have a 24 hour log but have 2-3 hours where no logging is done at all - but there is definitely traffic to and from the port being mirrored? Anything you can advise would be greatly appreciated.... By the way, there are no filters on our sniffing software; we are using Wiresharp.
4/23/2007 08:42:00 PM
geek00L said...
anonymous, I assume wiresharp is a typo. It is better to use other tools instead of wireshark to perform data collection. Usually I only use wireshark for pcap analysis. So what are the other options? You can try out dumpcap from the wireshark suite, daemonlogger or the ancient, solid tcpdump. There are many reasons why the logging process sometimes fails somewhere. You will have to check out the system and monitor it closely to catch the issue, especially if you run multiple applications at the same time.
5/27/2007 10:13:00 AM

Olav Langeland said...
Have a look at NTop from www.ntop.org for data collection and analyzing. Great tool for displaying data traffic.
4/21/2008 11:46:00 PM
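
Added example, not part of the original post or its comments: one way to pin down the capture "holes" described in the first comment is to scan the per-packet timestamps of the saved capture for long silences. It assumes a classic pcap file (not pcapng); the function names, the 60-second threshold and the in-memory sample are constructed for illustration.

```python
import struct

# Classic pcap magic as it appears on disk -> (struct byte order, fraction-per-second)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}

def find_capture_gaps(pcap_bytes, max_gap_seconds=60.0):
    """Return (last_seen, next_seen, gap_seconds) for each silence above the threshold."""
    if len(pcap_bytes) < 24 or pcap_bytes[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    endian, frac_div = PCAP_MAGICS[pcap_bytes[:4]]
    offset, prev, gaps = 24, None, []          # 24 = size of the pcap global header
    while offset + 16 <= len(pcap_bytes):      # 16 = size of each record header
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack_from(
            endian + "IIII", pcap_bytes, offset)
        offset += 16 + incl_len
        if offset > len(pcap_bytes):
            break  # truncated last record, e.g. the capture process died mid-write
        ts = ts_sec + ts_frac / frac_div
        if prev is not None and ts - prev > max_gap_seconds:
            gaps.append((prev, ts, ts - prev))
        prev = ts
    return gaps

def build_sample_pcap(timestamps):
    """Build a tiny pcap in memory (constructed sample data, not a real capture)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frame = b"\x00" * 14  # placeholder Ethernet header, contents irrelevant here
    return header + b"".join(
        struct.pack("<IIII", t, 0, len(frame), len(frame)) + frame
        for t in timestamps)

# Constructed sample: steady packets, then a 2.5 hour silence, then traffic again.
SAMPLE = build_sample_pcap(
    [1177300000, 1177300010, 1177300020, 1177309020, 1177309030])

if __name__ == "__main__":
    for last_seen, next_seen, gap in find_capture_gaps(SAMPLE):
        print(f"no packets for {gap:.0f}s between {last_seen:.0f} and {next_seen:.0f}")
```

A reported gap only locates the window; whether the analyzer port stopped receiving frames or the collector stalled still has to be checked against the switch summary and the sensor's system logs for that period.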