Re: CISCO IDS Packet capture
From: James Fields (jvfields_at_tds.net)
Date: 04/07/04
- Previous message: Chad R. Skipper: "RE: CISCO IDS Packet capture"
- In reply to: Strand, John: "CISCO IDS Packet capture"
- Next in thread: Alex Arndt: "RE: CISCO IDS Packet capture"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Strand, John" <John.Strand@mms.gov>, <focus-ids@securityfocus.com> Date: Tue, 6 Apr 2004 20:32:47 -0400
For each signature on a newer Cisco sensor, you have the ability to turn on
and off the features called log, reset, and block. Log is the choice that
causes it to capture. You then get the capture off the sensor using the web
interface on the sensor. It will be in pcap format, readable with Ethereal
or other analyzers that can read that format.
----- Original Message -----
From: "Strand, John" <John.Strand@mms.gov>
To: <focus-ids@securityfocus.com>
Sent: Friday, April 02, 2004 9:35 AM
Subject: CISCO IDS Packet capture
>
> Hello All,
>
> Does anyone know how to enable some level of packet capture and logging on
> the CISCO IDS system (the newer version which interfaces with CiscoWorks
and
> can run on Win2K)? I have hunted through the CISCO provided PDF's and
their
> a little on the light side. I also have hit the usual suspects, google,
> CISCO groups, etc..
>
> Thanks in advance for any help.
>
>
> js
>
> --------------------------------------------------------------------------
-
>
> --------------------------------------------------------------------------
-
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Chad R. Skipper: "RE: CISCO IDS Packet capture"
- In reply to: Strand, John: "CISCO IDS Packet capture"
- Next in thread: Alex Arndt: "RE: CISCO IDS Packet capture"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
