Chapter 4. Capturing Network Traffic for Intrusion Detection Systems

Terms you'll need to understand:

  • Switched Port Analyzer (SPAN)

  • Remote SPAN (RSPAN)

  • Virtual LAN (VLAN) access control lists (VACLs)

  • Source ports

  • Destination port (mirroring port/capture port/SPAN port)

  • Sensor command and control port

  • Sensor monitoring port

  • port monitor commands

  • monitor session commands

  • set span commands

  • set security acl commands

  • Ingress SPAN

  • Egress SPAN

  • Transmission Control Protocol (TCP) reset

  • match clause

  • action clause

Techniques you'll need to master:

  • Configuring SPAN

  • Configuring RSPAN

  • Using the 2900 and 3500 series switch port monitor commands

  • Using 2950 and 3550 series switch monitor session commands

  • Configuring the Router IOS

  • Using the Catalyst 4000, 4500, and 6500 series set span commands

  • Configuring VACLs

  • Configuring a multilayer switch (MLS) IP intrusion detection system (IDS)

Traffic must be captured before it can be processed and analyzed by the IDS infrastructure. This chapter lists the various devices involved in traffic capture and describes the techniques that you can use to control and specify the capture of traffic as it flows through network devices. The chapter then presents and discusses the configuration commands you need to implement traffic capture techniques on Cisco Catalyst switches.


CSIDS Exam Cram 2 (Exam 642-531)
Year: 2004
Pages: 213
