
IPS 4255 - Network Sniffer?

davegon69
Level 1

One of my network engineers has asked if I can use our IPS device as a sniffer to identify specific host-to-host traffic via a specific port. I am somewhat new to IPS and am looking for some direction.

Thanks,

Dave

2 Replies

s.jankowski
Level 4

Yes, you can use an IPS for sniffing the packets. Refer to the following URL for more information:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00807517b1.html

mhellman
Level 7

Yes, but there are some limitations. Probably the best way to do this is via the CLI. Log in with a normal account on the sensor (not a service account). Use the packet capture command:

sensor# packet capture gigabitEthernet0/0 expression

where is a tcpdump expression. So:

sensor# packet capture gigabitEthernet0/0 expression host 192.168.1.1 and port 80

To get the capture off the sensor, use the "copy packet-file" command. The biggest limitation is the size. I think it's something like 15MB, which isn't always big enough.
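
Added example, not part of the thread or of Cisco's tooling: once the capture has been copied off the sensor, this Python sketch lists the TCP/UDP packets exchanged between two specific hosts on a given port, which is the host-to-host question asked above. It assumes the copied file is a classic libpcap capture of Ethernet frames; the function names and the 10.0.0.x sample addresses are constructed for the illustration.

```python
import socket
import struct

def match_packets(pcap, host_a, host_b, port):
    """List (ts, src, sport, dst, dport) for TCP/UDP between two hosts on a port."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    hits, off = [], 24                      # records start after the 24-byte header
    while off + 16 <= len(pcap):
        ts, _usec, caplen, _wire = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                        # truncated, or not plain IPv4 (no VLAN support)
        ihl = (frame[14] & 0x0F) * 4
        frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if frame[23] not in (6, 17) or frag_offset or len(frame) < 14 + ihl + 4:
            continue                        # not TCP/UDP, or a fragment without ports
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
        if {src, dst} == {host_a, host_b} and port in (sport, dport):
            hits.append((ts, src, sport, dst, dport))
    return hits

def build_sample():
    """Constructed four-packet capture, used only to exercise match_packets()."""
    def frame(src, dst, sport, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + b"\x00" * 16
    frames = [frame("10.0.0.5", "192.168.1.1", 40000, 80),
              frame("192.168.1.1", "10.0.0.5", 80, 40000),
              frame("10.0.0.5", "192.168.1.1", 40001, 443),   # same hosts, other port
              frame("10.0.0.9", "192.168.1.1", 40002, 80)]    # same port, other host
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for hit in match_packets(build_sample(), "192.168.1.1", "10.0.0.5", 80):
        print(hit)
```

To use it on a real capture, pass the bytes of the copied file instead of build_sample(), for example open(path, "rb").read().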
