Read IPS IP Log file

Unanswered Question
Mar 5th, 2009

Hello, I have an IPS-SSM-20 (6.2.1) and I'm using IME 6.2 to manage it. Under IME -> Configuration -> Time Based -> IP Logging it is possible to capture the traffic of a particular IP and download the file. Does someone know, once downloaded, how to read it?

rhermes Thu, 03/05/2009 - 08:28

While I don't specifically remember "time based" capture, I have performed captures based on a source or destination IP address on the AIP-SSM modules. They are saved on the module in pcap format. This is a standard packet capture format used by any packet sniffer, such as Wireshark (free) http://www.wireshark.org/

Download the pcap and open it with Wireshark. Make sure you try out the "follow TCP stream" option in Wireshark; it's great for following a single session.
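To illustrate the pcap format mentioned in the reply above, here is an added example (not part of the original thread and not Cisco code) that parses a classic libpcap file with the Python standard library and counts packets per TCP flow. It assumes Ethernet framing; `sample_pcap()` builds a constructed two-host capture so the code runs without a real IP log download.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def read_pcap(data):
    """Yield (timestamp, frame) from a classic libpcap file held in memory."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled here")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        if off + incl > len(data):
            break  # truncated final record, e.g. an interrupted download
        yield sec + usec / 1e6, data[off:off + incl]
        off += incl

def tcp_flows(data):
    """Count packets per (src, sport, dst, dport) for IPv4/TCP frames."""
    flows = Counter()
    for _ts, frame in read_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
        if len(frame) < 14 + ihl + 4:
            continue
        sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
        src, dst = IPv4Address(frame[26:30]), IPv4Address(frame[30:34])
        flows[(str(src), sport, str(dst), dport)] += 1
    return flows

def sample_pcap():
    """Constructed two-packet capture using documentation-range addresses."""
    def frame(src, dst, sport, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5002, 1024, 0, 0)
        return b"\x00" * 12 + b"\x08\x00" + ip + tcp
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pkts = [frame("192.0.2.10", "198.51.100.5", 40000, 80),
            frame("198.51.100.5", "192.0.2.10", 80, 40000)] * 2
    for i, f in enumerate(pkts):
        out += struct.pack("<IIII", 1236241680 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(tcp_flows(sample_pcap()))
```

To run it against a downloaded IP log, pass the file's bytes to `tcp_flows()` in place of `sample_pcap()`.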
