The IDS-4210's sensing interface is iprb0 (that's the lower RJ-45 connector). To test whether the sensor's sniffing interface is seeing traffic, connect iprb0 to a shared hub (or a spanned port on a switched hub) that has some activity. Then (as root) enter at the shell prompt:
# snoop -d iprb0
As packets are seen on the interface, they will be displayed on the screen. Hit Ctrl-C to stop the display.
If you are unable to see traffic, contact the TAC. You may have a bad sensor.
If nothing is displayed, then the sensor has not been configured. Follow the instructions for configuring the sensor using sysconfig-sensor choice 6 (or if you are using CSPM or IDS Director, follow those instructions instead). The correct value for NameOfPacketDevice should be "/dev/iprb0".
Unfortunately, it has activity on the iprb0 interface and the value for NameOfPacketDevice is /dev/iprb0. But the snoop shows the following traffic! (126.96.36.199 is my CSPM, kshsensor is the sensor.) It is strange that the Sensor can notice only this traffic. The sniffing and the command & control interfaces are in the same LAN segment! (Just for testing.)
Is the packetd daemon running? (You can use nrstatus to determine this.) If not, then use your management application to enable it. Verify that the traffic you are generating on the segment (I assume that the Sensor and Director are plugged into the same hub) will trigger an alarm, that the signature is enabled and that its alarm level is greater than the minimum log level.