Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IDSM-2 Packet Capture - Only Seeing Uni-Directional Traffic

To whom it may concern,

Good day; I hope everyone's week is going well thus far.  I have a question regarding packet captures on an IDSM2.  Often times when I perform a capture on an IDSM2, I only seeing one-side of the traffic; for example, I only see the return traffic from the destination.  See below for an example; I attempted to ping an asset on the other side of the IPS sensor and I only see the echo reply traffic; not the echo request traffic originating from my workstation.

I see this when I capture through the CLI or IDM.  Has anyone else seen this as well?  Is there a trick to ensuring I am capturing the traffic bi-directionally?  Thank you!

iull03m-1# packet display gigabitEthernet0/7 expression vlan 3 and host 10.xx.251.209

Warning: This command will cause significant performance degradation

tcpdump: WARNING: ge0_7: no IPv4 address assigned

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on ge0_7, link-type EN10MB (Ethernet), capture size 65535 bytes

16:59:18.574409 IP 10.xx.59.34 > 10.xx.251.209: ICMP echo reply, id 512, seq 38677, length 40

16:59:19.576836 IP 10.xx.59.34 > 10.xx.251.209: ICMP echo reply, id 512, seq 38933, length 40

2 packets captured

212 packets received by filter

62 packets dropped by kernel

422
Views
0
Helpful
0
Replies