<html><head></head><body><div>Sniffing VLAN Traffic correct. However, the particular brand of layer 3 switches does offer VLAN port mirroring so not sure where Suricata could sniff VLAN traffic in the switch stack. The stack does offer regular or traditional port mirroring. If we do many to 1 port mirroring, concerned that sniffing may be overwhelming. I don't know. Maybe not. Each switch has VLANs split across them.</div><div><br></div><div>We thought VLAN mirroring would be easier to see all the traffic across multiple VLANS even if we monitor one VLAN. It would see traffic when systems communicate to systems on a VLAN we are not sniffing but not sure we would see all traffic that way.<br></div><div><br></div><div>Thanks.<br></div><br><font size="2" face="Arial">Leonard </font><br><br><br><div><strong>
From:
</strong>
Peter Manev <petermanev@gmail.com>
<br>
<strong>
To:
</strong>
Leonard Jacobs <ljacobs@netsecuris.com>
<br>
<strong>
Cc:
</strong>
oisf-users <oisf-users@openinfosecfoundation.org>
<br>
<strong>
Sent:
</strong>
12/5/2018 2:24 AM
<br>
<strong>
Subject:
</strong>
Re: [Oisf-users] Using Suricata in Multi-vlan network environment
<br><br><blockquote class="mori" style="margin:0 0 0 .8ex;border-left:1px solid #CCC;padding-left:1ex;">On Mon, Dec 3, 2018 at 10:19 PM Leonard <ljacobs@netsecuris.com> wrote:
<br>>
<br>> How would you suggest using in a network environment where a set of layer 3 switches are used to build multiple VLANs? The VLANs separate servers from PCs.
<br>>
<br>
<br>In what way you mean? (just sniffing vlan traffic ?) Suricata can
<br>utilize vlan tracking -
<br>https://github.com/OISF/suricata/blob/master/suricata.yaml.in#L1237
<br>
<br>Thank you
<br>
<br>
<br>--
<br>Regards,
<br>Peter Manev
<br></blockquote></div><BR />
<BR />
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to which they
are addressed. If you have received this email in error please notify Netsecuris management at mgmt@netsecuris.com. Please note that any views or opinions presented in
this email are solely those of the author and do not necessarily
represent those of Netsecuris Inc. The integrity and
security of this message cannot be guaranteed on the Internet
<BR />
</body></html>