07-16-2009 06:54 AM - edited 03-10-2019 04:42 AM
Is TCPDUMP operation, similar to Sidewinder FW (example below), possible using the ASA 5520 and AIP-SSM-10 (IPS) module? Reference and response to my question are appreciated.
tcpdump options for DNS:
- Internal burb: tcpdump -ntpi em0 port 53
- External burb: tcpdump -ntpi em1 port 53
tcpdump options for SMTP:
- Internal burb: tcpdump -ntpi em0 port 25
- External burb: tcpdump -ntpi em1 port 25
07-17-2009 08:46 AM
You can use the iplog command to capture a PCAP file on the AIP-SSM module (assuming you've sent the traffic you wish to capture to or through the AIP-SSM IPS module). It will capture based on the source IP address.
http://www.cisco.com/en/US/docs/security/ips/6.0/command/reference/crCmds.html#wp466857
If you want TCPdump granularity, make a service account on the sensor, log into the Linux system, su to root and tcpdump away.
07-17-2009 10:19 AM
Thanks, Rhermes; your reference is appreciated. IPLog; need to try this command.