Re: Snoop on Cisco IDS (Was: CISCO IDS Packet capture)
From: Jason Haar (Jason.Haar_at_trimble.co.nz)
Date: 04/15/04
Date: Fri, 16 Apr 2004 07:05:03 +1200
To: focus-ids@securityfocus.com

On Thu, Apr 08, 2004 at 03:11:20PM -0400, Alex Arndt wrote:
> The new version (v4.0 or newer) runs on top of Red Hat Linux, so
> it would use tcpdump instead of snoop. Unfortunately, just as Chad
> Skipper pointed out in another reply, you can't run the IDS software
> and tcpdump at the same time (unlike snoop and IDS in v3.1 and older)
Does anyone know why that is?
I routinely run tcpdump, snort and ethereal simultaneously on the same
interface under Linux. The pcap stuff takes care of any issues, so what's so
different about Cisco's "Linux"?
--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1