Is tcpdump operation, similar to the Sidewinder FW (example below), possible using the ASA 5520 and AIP-SSM-10 (IPS) module? References and responses to my question are appreciated.
• tcpdump options for DNS:
- Internal burb: tcpdump -ntpi em0 port 53
- External burb: tcpdump -ntpi em1 port 53
• tcpdump options for SMTP:
- Internal burb: tcpdump -ntpi em0 port 25
- External burb: tcpdump -ntpi em1 port 25
You can use the iplog command to capture a PCAP file on the AIP-SSM module (assuming you've sent the traffic you wish to capture to or through the AIP-SSM IPS module). It will capture based on the source IP address.
If you want TCPdump granularity, make a service account on the sensor, log into the Linux system, su to root and tcpdump away.