Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

IDS as sniffer?

Hod do I configure my CSPM to use my IDS as a sniffer. Is there a beginner's configuration guide on CSPM for IDS management. I have IDS and CSPM installed and tlaking oto each other,

6 REPLIES
New Member

Re: IDS as sniffer?

I think you cant.

Use NAM for it.

Br

Rolands

New Member

Re: IDS as sniffer?

Can you tell me how to use NAM to do so? We already have NAM installed and running fine but we are not using it much.

New Member
New Member

Re: IDS as sniffer?

i think basic of a sniffer and a IDS is quite the same ,

but i geuss IDS is much more costomized for special use such is signiture triggers .

are u looking for some fun ?

have a search over " offensive use of IDS ", big corporation are spending money towards finind a solution to map networks located far from each others.

New Member

Re: IDS as sniffer?

Yes, it can be done. Here is a link detailing how to do this.

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2113/products_tech_note09186a00800941b3.shtml

The sniff can be triggered on a signature alert. The sniff will miss the first packet in the conversation, but you can still view this packet in the event viewer. I believe future versions of the IDS software will re-insert that first packet back into the sniff.

New Member

Re: IDS as sniffer?

I have been through the link. But , I dont have the " PACKET CAPTURE DEVICE" selection option on my screen. Here are the versions of CSPM and IDS:

Sensor version is : 3.0(1)S4

CSPM version is : 2.3.3i

Please comment.

245
Views
3
Helpful
6
Replies
CreatePlease to create content