IDSM-2 Packet Capture - Only Seeing Uni-Directional Traffic
To whom it may concern,
Good day; I hope everyone's week is going well thus far. I have a question regarding packet captures on an IDSM2. Oftentimes when I perform a capture on an IDSM2, I only see one side of the traffic; for example, I only see the return traffic from the destination. See below for an example; I attempted to ping an asset on the other side of the IPS sensor and I only see the echo reply traffic, not the echo request traffic originating from my workstation.
I see this when I capture through the CLI or IDM. Has anyone else seen this as well? Is there a trick to ensuring I am capturing the traffic bi-directionally? Thank you!
iull03m-1# packet display gigabitEthernet0/7 expression vlan 3 and host 10.xx.251.209
Warning: This command will cause significant performance degradation
tcpdump: WARNING: ge0_7: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ge0_7, link-type EN10MB (Ethernet), capture size 65535 bytes
16:59:18.574409 IP 10.xx.59.34 > 10.xx.251.209: ICMP echo reply, id 512, seq 38677, length 40
16:59:19.576836 IP 10.xx.59.34 > 10.xx.251.209: ICMP echo reply, id 512, seq 38933, length 40