ASA 5520 Infiltration of DNS query

tsha515151 (Level 1)

Is a tcpdump operation, similar to the Sidewinder FW (example below), possible using the ASA 5520 and AIP-SSM-10 (IPS) module? A reference and a response to my question are appreciated.

tcpdump options for DNS:

- Internal burb: tcpdump -ntpi em0 port 53
- External burb: tcpdump -ntpi em1 port 53

tcpdump options for SMTP:

- Internal burb: tcpdump -ntpi em0 port 25
- External burb: tcpdump -ntpi em1 port 25

Accepted Solution

rhermes (Level 7)

You can use the iplog command to capture a PCAP file on the AIP-SSM module (assuming you've sent the traffic you wish to capture to or through the AIP-SSM IPS module). It will capture based on the source IP address.

http://www.cisco.com/en/US/docs/security/ips/6.0/command/reference/crCmds.html#wp466857

If you want TCPdump granularity, make a service account on the sensor, log into the Linux system, su to root and tcpdump away.

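As an added example (not code from the thread, from Cisco IPS, or from Sidewinder): once a port 53 capture has been pulled off the sensor with iplog or tcpdump -w, a small pure-Python reader can summarise which source hosts queried which names, the same per-source view iplog captures by. It assumes a classic Ethernet-framed pcap; the packet builder, MAC addresses and IP addresses are constructed test data.

```python
import struct
from collections import Counter, defaultdict

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap magic as written by tcpdump -w


def dns_query_packet(src_ip, dst_ip, qname, sport=40000, dns_id=0x1234):
    """Constructed Ethernet/IPv4/UDP DNS A-record query (test data, not a real capture)."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.strip(".").split("."))
    dns = struct.pack("!HHHHHH", dns_id, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", sport, 53, 8 + len(dns), 0) + dns  # UDP checksum left zero
    src, dst = (bytes(int(o) for o in a.split(".")) for a in (src_ip, dst_ip))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0, src, dst) + udp
    return b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip


def build_pcap(frames):
    """Wrap raw Ethernet frames in a pcap file image (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def dns_queries_by_source(pcap_bytes):
    """Map source IP -> {queried name: count} for DNS queries (QR=0) sent to UDP/53."""
    endian = "<" if struct.unpack("<I", pcap_bytes[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(endian + "I", pcap_bytes[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a classic pcap file")
    result, off = defaultdict(Counter), 24
    while off + 16 <= len(pcap_bytes):
        incl = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])[2]
        frame = pcap_bytes[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # not IPv4/UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 20 or struct.unpack("!H", udp[2:4])[0] != 53:
            continue  # not destined for DNS
        payload = udp[8:]
        if struct.unpack("!H", payload[2:4])[0] & 0x8000:
            continue  # QR bit set: this is a response, not a query
        name, p = [], 12
        while p < len(payload) and 0 < payload[p] < 0xC0:  # stop at root label or pointer
            name.append(payload[p + 1:p + 1 + payload[p]].decode("ascii", "replace"))
            p += 1 + payload[p]
        src_ip = ".".join(str(b) for b in frame[26:30])
        result[src_ip][".".join(name)] += 1
    return {ip: dict(names) for ip, names in result.items()}
```

Point it at a real capture with `dns_queries_by_source(open("capture.pcap", "rb").read())`; responses and non-DNS frames are skipped.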

2 Replies


Thanks, rhermes; your reference is appreciated. iplog: need to try this command.
