Cisco Support Community
New Member

packet captures in version 6.0 and 6.1

What is the name of the capture file in the filesystem? In the CLI it is called "file-info". We need to be able to pull the file from the sensor instead of using the copy command to push the file using the CLI.

2 REPLIES

Re: packet captures in version 6.0 and 6.1

I don't think there is any extension for the file. Have a look at this:

http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliPack.html#wp1034074

Regards

Farrukh

New Member

Re: packet captures in version 6.0 and 6.1

One of my co-workers found it. It is located in the directory /usr/cids/idsRoot/var and there will be 2 files associated with the capture:

-rw-r--r-- 1 root cids 8392 Jul 17 18:33 packet-file

-rw-r--r-- 1 cisco cids 135 Jul 17 18:33 packet-file.info

The packet-file.info contains information about the capture syntax used, start and stop time.

Captured by: cisco:9004, Cmd: packet capture gigabitEthernet0/2 count 60

Start: 2008/07/17 18:32:59 UTC, End: 2008/07/17 18:33:25 UTC

BTW IPlogs are kept in the directory:

/usr/cids/idsRoot/var/iplogs
