Cisco Support Community
New Member

Capturing Packets

Is there any way to capture the packet(s) that trigger an alert using the Secure IDS director and/or sensors? I cannot find any documentation relating to this. Thanks in advance.

3 REPLIES
Cisco Employee

Re: Capturing Packets

CS IDS 3.0 will FCS this month and will support TCP dump that will allow the user to replay IP sessions.

Regards,

-Mun

IDS Product Manager

Cisco Employee

Re: Capturing Packets

The IP Logging feature may be what you are looking for. The IDS can be set up to take an action of log for any signature event. This will cause the sensor to log all packets that are transmitted or received by the suspect attacking host from the point of an alarm on.

The sensor can also be set up to log all traffic from or to any given host as a matter of course; however, this will have a negative impact on the performance of the sensor due to the overhead of writing packets to the disk.

New Member

Re: Capturing Packets

Re: Logging all traffic to or from a given host.

Where is this documented? I couldn't find it. Is this done via CSPM?

Giovanni
