RE: CISCO IDS Packet capture

From: Billy Dodson (billy_at_pmm-i.com)
Date: 04/06/04

  • Next message: christian graf: "NIPS Vendors explicit answer"
    Date: Tue, 6 Apr 2004 08:34:22 -0500
    To: "Strand, John" <John.Strand@mms.gov>, <focus-ids@securityfocus.com>
    
    

    I am uncertain if this is possible. You can run a snoop command from
    the shell and watch data. If you tried to log all that data on the IDS
    itself the hd would fill up in a matter of minutes. There might be a
    way to log it to a syslog server or something of that nature, but I have
    never tried. But if you just want to watch the data in real time you
    can run that snoop command.

    Billy Dodson
    Network Systems Engineer
    Permian Micro Mart
    3815 E. 52nd Street
    Odessa, TX 79762
    432.367.3239 - Direct Line
    432.367.6179 x139

    -----Original Message-----
    From: Strand, John [mailto:John.Strand@mms.gov]
    Sent: Friday, April 02, 2004 7:36 AM
    To: focus-ids@securityfocus.com
    Subject: CISCO IDS Packet capture

    Hello All,

    Does anyone know how to enable some level of packet capture and logging
    on the CISCO IDS system (the newer version which interfaces with
    CiscoWorks and can run on Win2K)? I have hunted through the CISCO
    provided PDFs and they're a little on the light side. I also have hit the
    usual suspects, Google, CISCO groups, etc.

    Thanks in advance for any help.

    js
