IDS mailing list archives
Re: CISCO IDS Packet capture
From: "James Fields" <jvfields () tds net>
Date: Tue, 6 Apr 2004 20:32:47 -0400
For each signature on a newer Cisco sensor, you have the ability to turn on and off the features called log, reset, and block. Log is the choice that causes it to capture. You then get the capture off the sensor using the web interface on the sensor. It will be in pcap format, readable with Ethereal or other analyzers that can read that format.

----- Original Message -----
From: "Strand, John" <John.Strand () mms gov>
To: <focus-ids () securityfocus com>
Sent: Friday, April 02, 2004 9:35 AM
Subject: CISCO IDS Packet capture

Hello All,

Does anyone know how to enable some level of packet capture and logging on the CISCO IDS system (the newer version which interfaces with CiscoWorks and can run on Win2K)? I have hunted through the CISCO provided PDFs and they're a little on the light side. I also have hit the usual suspects, Google, CISCO groups, etc.

Thanks in advance for any help.

js