Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
389
Views
5
Helpful
2
Replies

packet captures in version 6.0 and 6.1

5creedus
Level 1
Level 1

‎07-16-2008 02:50 PM - edited ‎03-10-2019 04:12 AM

what is the name of the capture file in the filesystem. In the cli it is called "file-info". We need to be able to pull the file from the sensor instead of using the copy commnad to push the file using the CLI.

Labels:
0 Helpful
2 Replies 2

Farrukh Haroon
VIP Alumni
VIP Alumni

‎07-17-2008 03:38 AM

I don't there there is any extension for the file. Have a look at this:

http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliPack.html#wp1034074

Regards

Farrukh

0 Helpful

5creedus
Level 1
Level 1
In response to Farrukh Haroon

‎07-17-2008 10:42 AM

One of my co-workers found it. It is located in the directory /usr/cids/idsRoot/var and there will be 2 files associated with the capture:

-rw-r--r-- 1 root cids 8392 Jul 17 18:33 packet-file

-rw-r--r-- 1 cisco cids 135 Jul 17 18:33 packet-file.info

The packet-file.info contains information about the capture syntax used, start and stop time.

Captured by: cisco:9004, Cmd: packet capture gigabitEthernet0/2 count 60

Start: 2008/07/17 18:32:59 UTC, End: 2008/07/17 18:33:25 UTC

BTW IPlogs are kept in the directory:

/usr/cids/idsRoot/var/iplogs

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card