Capturing Packets

a.wilmeth
Level 1

Is there any way to capture the packet(s) that trigger an alert using the Secure IDS director and/or sensors? I cannot find any documentation relating to this. Thanks in advance.

mhossain
Cisco Employee

CS IDS 3.0 will FCS this month and will support TCP dump that will allow the user to replay IP sessions.

Regards,

-Mun

IDS Product Manager

klwiley
Cisco Employee

The IP Logging feature may be what you are looking for. The IDS can be set up to take an action of log for any signature event. This will cause the sensor to log all packets that are transmitted or received by the suspect attacking host from the point of an alarm on.

The sensor can also be set up to log all traffic from or to any given host as a matter of course; however, this will have a negative impact on the performance of the sensor due to the overhead of writing packets to the disk.

Re: Logging all traffic to or fro a given host.

Where is this documented? I couldn't find it. Is this done via CSPM?

Giovanni
