Cisco Support Community

Finding Port Sniffing

Hi. We have an NM-CIDS in a 3845.

We have a specific issue we need to address on our network and we believe the IPS can help.

We are receiving complaints from our ISP that malicious activity (port scanning) is coming from our network. We need the IPS to check traffic both in and out of our network.

Although working with Cisco a long time [ten years], the module is new to me. Is this objective even possible to isolate?



Re: Finding Port Sniffing

Cisco CallManager Administration supports the following Cisco IOS MGCP gateways with configurable settings for Packet Capture Mode and Packet Capture Duration on a per-port basis in the Gateway Configuration window of 38XX series including 3825 and 3845.


Re: Finding Port Sniffing

Sure, port scanning detections are common signatures in just about all releases of the IDS/IPS signatures. If you want to get creative, you can even cook up a custom sig to look for port scans by copying one of the existing signature parameters.

To get you started, here is the hardware installation (in case you haven't done this yet)

Next do the router config of the NM-CIDS:

And finally you need to run the IDS/IPS setup (works like a router's setup program). Then you should be able to talk to the sensor via the Web GUI to finish the sensor config, tune your signatures, see your events, etc.
