Chapter 15. Capturing Network Traffic


This chapter covers the following subjects:

  • Capturing Network Traffic

  • Capturing Traffic for Inline Mode

  • Capturing Traffic for Promiscuous Mode

  • Configuring SPAN for Catalyst 4500 and 6500 Traffic Capture

  • Configuring RSPAN for Catalyst 4500 and 6500 Traffic Capture

  • Configuring VACLs for Catalyst 6500 Traffic Capture

  • Configuring VACLs for Traffic Capture With Cisco Catalyst 6500 IOS Firewall

  • Advanced Catalyst 6500 Traffic Capture

Effectively using either the IPS or IDS functionality of your Cisco IPS involves making sure that the traffic to be monitored reaches your IPS sensors. This configuration varies depending on whether your sensors are configured for inline processing or promiscuous traffic processing. You can even configure a single sensor to perform inline processing in conjunction with promiscuous processing.

Using inline processing involves bridging traffic through the sensor between two separate VLANs. Each VLAN is connected to a separate sensor interface. With promiscuous processing, a single sensor interface passively collects network traffic. Configuring your system for both of these methods is vital to effectively protecting your network with Cisco IPS.

"Do I Know This Already?" Quiz

The purpose of the "Do I Know This Already?" quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The 10-question quiz, derived from the major sections in the "Foundation and Supplemental Topics" portion of the chapter, helps you determine how to spend your limited study time.

Table 15-1 outlines the major topics discussed in this chapter and the "Do I Know This Already?" quiz questions that correspond to those topics.

Table 15-1. "Do I Know This Already?" Foundation and Supplemental Topics Mapping

Foundation or Supplemental Topic                                              Questions Covering This Topic

Capturing Traffic for Inline Mode                                             1, 8
Capturing Traffic for Promiscuous Mode                                        2, 3, 9
Configuring SPAN for Catalyst 4500 and 6500 Traffic Capture                   5
Configuring RSPAN for Catalyst 4500 and 6500 Traffic Capture
Configuring VACLs for Catalyst 6500 Traffic Capture                           6, 10
Configuring VACLs for Traffic Capture With Cisco Catalyst 6500 IOS Firewall   4, 7
Advanced Catalyst 6500 Traffic Capture                                        -


Caution

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.


1. Operating in inline mode requires how many sensor interfaces?

  1. Two

  2. One

  3. Three

  4. One or two

  5. None of the above

2. Which infrastructure device(s) enables your sensor to capture traffic by default?

  1. Switch

  2. Router

  3. Hub

  4. Firewall

  5. Switch and hub

3. Which switch capture mechanism enables you to capture traffic from multiple Cisco switches?

  1. SPAN

  2. RSPAN

  3. Network tap

  4. VACLs

4. Which switch capture mechanism requires special consideration when you use IOS Firewall functionality?

  1. VACLs

  2. SPAN

  3. RSPAN

  4. SPAN and RSPAN

  5. VACLs, SPAN, and RSPAN

5. Which IOS command enables you to configure SPAN to capture network traffic?

  1. set span

  2. monitor session

  3. switchport trunk

  4. switchport span

  5. monitor span

6. Which of the following is not a step in creating VACLs for IOS?

  1. Configure an ACL

  2. Commit VACL to memory

  3. Create a VLAN access map

  4. Configure capture ports

  5. Apply the access map to VLANs

7. Which of the following is not a step in creating VACLs when you use IOS Firewall?

  1. Configure the extended ACL

  2. Assign the capture port

  3. Apply ACL to an interface or VLAN

  4. Apply the access map to VLANs

8. Where do you need to create an artificial VLAN boundary to use inline mode?

  1. Between devices with virtual switch ports

  2. Between a router and a firewall

  3. Between a switch and a router

  4. Between a switch and a firewall

  5. Between two routers

9. Which switch traffic capture mechanism uses ACLs to specify interesting traffic?

  1. SPAN

  2. RSPAN

  3. VACL

  4. SPAN and VACL

  5. SPAN, RSPAN, and VACL

10. Which IOS command specifies the interface to receive the traffic from the VACL?

  1. switchport trunk

  2. switchport capture

  3. set security acl

  4. switchport acl

  5. set security capture

The answers to the "Do I Know This Already?" quiz are found in the appendix. The suggested choices for your next step are as follows:

  • 8 or less overall score: Read the entire chapter. This includes the "Foundation and Supplemental Topics" and "Foundation Summary" sections and the Q&A section.

  • 9 or 10 overall score: If you want more review on these topics, skip to the "Foundation Summary" section and then go to the Q&A section. Otherwise, move to the next chapter.



CCSP IPS Exam Certification Guide
ISBN: 1587201461
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Earl Carter