02-12-2007 01:15 PM - edited 03-10-2019 03:27 AM
One of my network engineers has asked if I can use our IPS device as a sniffer to identify specific host-to-host traffic via a specific port. I am somewhat new to IPS and am looking for some direction.
Thanks,
Dave
02-16-2007 01:00 PM
Yes, you can use an IPS for sniffing the packets. Refer to the following URL for more information,
02-16-2007 01:21 PM
Yes, but there are some limitations. Probably the best way to do this is via the CLI. Log in with a normal account on the sensor (not a service account). Use the packet capture command:
sensor# packet capture gigabitEthernet0/0 expression
where
sensor# packet capture gigabitEthernet0/0 expression host 192.168.1.1 and port 80
To get the capture off the sensor, use the "copy packet-file" command. The biggest limitation is the size. I think it's something like 15MB, which isn't always big enough.