In version 3.0 I use the command (snoop -d iprb0) to check the sniffing interface and see which subnet I am capturing traffic from. And in version 4.0 I use the command (tcpdump -i eth0), so my question is: what is the equivalent command in version 4.1?
The tcpdump command is the equivalent of the snoop command. The 3.x sensors ran on a SunOS platform, which supports the snoop command. The 4.x sensors run on a Linux OS that does not support the snoop command. Tcpdump is the Linux equivalent of the SunSparc snoop command. You need to make sure that the 4.x sensor is not running the cids processes in order to run the tcpdump command, however. Typically what we do is log into the 4.x sensor with the service account and "su -" to root. The root password is the same as the service account password. We then "cd /etc/init.d" and run "./cids stop"; this stops the cids process and shuts down eth0. Then run "ifconfig eth0 up", which brings up the eth0 interface so you can sniff it. Run "tcpdump -i eth0" and this will start the snoop-like capture that you are familiar with. Ctrl-C will kill the tcpdump session. When you are done you will need to "ifconfig eth0 down" to shut down the eth0 interface again and then run "/etc/init.d/cids start" to start the cids processes again so your sensor will process the traffic.
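The stop, capture, restore sequence from the answer above, as an added example that is not part of the original post or of the sensor's own tooling: a shell wrapper that returns the sensor to service even when the capture fails or is interrupted. IFACE, COUNT, PCAP and DRY_RUN are this example's own names, and the -n, -c and -w tcpdump options are additions to the answer's "tcpdump -i eth0".

```shell
#!/bin/sh
# Added example (not from the original post). Run as root on the 4.x sensor.
# Assumption: IFACE, COUNT, PCAP and DRY_RUN are names chosen for this example.

IFACE="${IFACE:-eth0}"                     # sniffing interface from the answer
COUNT="${COUNT:-200}"                      # tcpdump -c: stop after N packets
PCAP="${PCAP:-/tmp/sensor-capture.pcap}"   # constructed output path
DRY_RUN="${DRY_RUN:-0}"                    # 1 = print commands, do not run them

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

restore_sensor() {
    # Same order as the answer: interface down, then restart cids.
    run ifconfig "$IFACE" down
    run /etc/init.d/cids start
}

sensor_capture() {
    rc=0
    # If the capture is interrupted, still put the sensor back in service.
    trap 'restore_sensor; exit 130' INT TERM
    run /etc/init.d/cids stop || { trap - INT TERM; return 1; }
    if run ifconfig "$IFACE" up; then
        # -n: no name lookups; -w: write a pcap for offline review.
        run tcpdump -n -i "$IFACE" -c "$COUNT" -w "$PCAP" || rc=$?
    else
        rc=1
    fi
    trap - INT TERM
    restore_sensor
    return "$rc"
}

# Only act when invoked explicitly, e.g.: sh sensor-capture.sh --run
if [ "${1:-}" = "--run" ]; then
    sensor_capture
fi
```

Running it first with DRY_RUN=1 prints the exact command sequence without touching the sensor.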
Log in to the FXOS chassis manager.
Direct your browser to https://hostname/, and log in using the username and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...