07-16-2009 06:54 AM - edited 03-10-2019 04:42 AM
Is TCPDUMP operation, similar to Sidewinder FW (example below), possible using the ASA 5520 and AIP-SSM-10 (IPS) module? Reference and response to my question are appreciated.
tcpdump options for DNS:
- Internal burb: tcpdump -ntpi em0 port 53
- External burb: tcpdump -ntpi em1 port 53
tcpdump options for SMTP:
- Internal burb: tcpdump -ntpi em0 port 25
- External burb: tcpdump -ntpi em1 port 25
07-17-2009 08:46 AM
You can use the iplog command to capture a PCAP file on the AIP-SSM module (assuming you've sent the traffic you wish to capture to or through the AIP-SSM IPS module). It will capture based on the source IP address.
http://www.cisco.com/en/US/docs/security/ips/6.0/command/reference/crCmds.html#wp466857
If you want TCPdump granularity, make a service account on the sensor, log into the Linux system, su to root and tcpdump away.
07-17-2009 10:19 AM
Thanks, Rhermes; your reference is appreciated. IPLog: I need to try this command.