Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
501
Views
0
Helpful
1
Replies

Read IPS IP Log file

helenio
Level 1
Level 1

‎03-05-2009 05:01 AM - edited ‎03-10-2019 04:32 AM

Hello, I have a IPS-SSM-20 (6.2.1) and I'm using IME 6.2 to manage it. On IME-> Configuration->Time Based-> IP Logging is possible to capture a particular IP traffic and download the file. Does someone know, once downloaded, how to read it ?

Labels:
0 Helpful
1 Reply 1

rhermes
Level 7
Level 7

‎03-05-2009 08:28 AM

While I don't specifically remember "time based" capture, I have performed captures based on a source or destination IP address on the AIP-SSM modules. They are saved on the module in pcap format. This is a standard packet capture format used by any packet sniffer, such as Wireshark (free) http://www.wireshark.org/

Download the pcap and open with Wireshark. Make sure you try out the "follow TCP stream" option in Wireshark, it's great for following a single session.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card