02-13-2006 02:19 AM - edited 03-09-2019 01:54 PM
Hi,
I've got CiscoWorks LMS2.5 (Dec2k5) up and running soundly and our security guys would like us to regularly audit the network traffic (sniff and review packets).
Is it possible to setup Ciscoworks to regularly run packet captures on devices?
Our network only has about 25 switches so we don't want to fork out for a full IDS.
Thanks in advance..
02-16-2006 11:39 AM
Why don't you go for SPAN or RSPAN for packet monitoring?. This SPAN actually monitors the traffic. This enables one port to monitor the rest.
Hope this document will help you out in configuring SPAN and RSPAn.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12220se/3560scg/swspan.htm
02-20-2006 12:00 AM
Thanks - yes I do already have a SPAN port setup - which is how we use the Packet Capture feature. I was hoping there might be a way of regularly running a capture.... If not i'll just end up writing a tcpdump script in php.
Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide