RE: Cisco IDS and snoop

From: Munroe, Brian (bmunroe@Calence.com)
Date: 11/30/01


Message-ID: <B3A70D48BAB5C744B4215D2A5DC5B0DE1B3C77@phxml01.calence.com>
From: "Munroe, Brian" <bmunroe@Calence.com>
To: focus-ids <focus-ids@securityfocus.com>
Subject: RE: Cisco IDS and snoop
Date: Fri, 30 Nov 2001 14:45:09 -0700

Log in as root and issue the following command:

snoop -d spwr0

The IDS will respond with the following:

Using device /dev/spwr (promiscuous mode)

<connections etc. will scroll up the screen>

-Brian

-----Original Message-----
From: Beckett, Steven [mailto:steven.beckett@nmci-isf.com]
Sent: Friday, November 30, 2001 10:02 AM
To: focus-ids
Subject: Cisco IDS and snoop

Here's a real quick one...

What's the command line and switches to run snoop on a Cisco IDS
sensor's LISTENING interface?

(This is a reality check for me, as I get an error when I use what I
thought it was.)

Thanks,
J-


