RE: CISCO IDS Packet capture

From: Strand, John (John.Strand_at_mms.gov)
Date: 04/06/04

    To: "'Scherer, Brian'" <BScherer@dialamerica.com>, focus-ids@securityfocus.com
    Date: Tue, 6 Apr 2004 08:56:42 -0600 
    
    

    First off, thanks for all of your responses thus far.

    I am currently looking into what Paul Schnake sent me. It looks like it
    might be what I need.

    I am looking to see if the system can log and export the offending packet.
    Within that I would like to see at least the header information, and as an
    added bonus maybe some of the payload to be sifted through tcpdump or
    ethereal. We have been using the context buffer for a while and that is
    great, however in some situations we wanted to see more data.

    -----Original Message-----
    From: Scherer, Brian [mailto:BScherer@dialamerica.com]
    Sent: Tuesday, April 06, 2004 8:44 AM
    To: Strand, John
    Subject: RE: CISCO IDS Packet capture

    I didn't know you could do a packet capture with the IDS but I know if
    you go into security monitor then event viewer, if you right click on
    sig name you can view the context buffer. What type of logging are you
    trying to do?
    -Brian-

    -----Original Message-----
    From: Strand, John [mailto:John.Strand@mms.gov]
    Sent: Friday, April 02, 2004 8:36 AM
    To: focus-ids@securityfocus.com
    Subject: CISCO IDS Packet capture

    Hello All,

    Does anyone know how to enable some level of packet capture and logging
    on the CISCO IDS system (the newer version which interfaces with
    CiscoWorks and can run on Win2K)? I have hunted through the CISCO
    provided PDFs and they're a little on the light side. I also have hit the
    usual suspects: Google, CISCO groups, etc.

    Thanks in advance for any help.

    js

