cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
673
Views
3
Helpful
6
Replies

IDS as sniffer?

vikrantarora
Level 1
Level 1

Hod do I configure my CSPM to use my IDS as a sniffer. Is there a beginner's configuration guide on CSPM for IDS management. I have IDS and CSPM installed and tlaking oto each other,

6 Replies 6

rolands
Level 1
Level 1

I think you cant.

Use NAM for it.

Br

Rolands

Can you tell me how to use NAM to do so? We already have NAM installed and running fine but we are not using it much.

rzcisco
Level 1
Level 1

i think basic of a sniffer and a IDS is quite the same ,

but i geuss IDS is much more costomized for special use such is signiture triggers .

are u looking for some fun ?

have a search over " offensive use of IDS ", big corporation are spending money towards finind a solution to map networks located far from each others.

mike.braun
Level 1
Level 1

Yes, it can be done. Here is a link detailing how to do this.

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2113/products_tech_note09186a00800941b3.shtml

The sniff can be triggered on a signature alert. The sniff will miss the first packet in the conversation, but you can still view this packet in the event viewer. I believe future versions of the IDS software will re-insert that first packet back into the sniff.

I have been through the link. But , I dont have the " PACKET CAPTURE DEVICE" selection option on my screen. Here are the versions of CSPM and IDS:

Sensor version is : 3.0(1)S4

CSPM version is : 2.3.3i

Please comment.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: