[ LiB ] |
Terms you'll need to understand:
Switched Port Analyzer (SPAN)
Remote SPAN (RSPAN)
Virtual LAN (VLAN) access control lists (VACLs)
Source ports
Destination port (mirroring port/capture port/SPAN port)
Sensor command and control port
Sensor monitoring port
port monitor commands
monitor session commands
set span commands
set security acl commands
Ingress SPAN
Egress SPAN
Transmission Control Protocol (TCP) reset
match clause
action clause
Techniques you'll need to master:
Configuring SPAN
Configuring RSPAN
Using the 2900 and 3500 series switch port monitor commands
Using 2950 and 3550 series switch monitor session commands
Configuring the Router IOS
Using the Catalyst 4000, 4500, and 6500 series set span commands
Configuring VACLs
Configuring a multilayer switch (MLS) IP intrusion detection system (IDS)
Traffic must be captured before it can be processed and analyzed by the IDS infrastructure. This chapter lists the various devices involved in traffic capture and describes the techniques that you can use to control and specify the capture of traffic as it flows through network devices. The chapter then presents and discusses the configuration commands you need to implement traffic capture techniques on Cisco Catalyst switches.
[ LiB ] |