i am trying to a get a sensor working properly. It is unclear from the Cisco docs whether the packet capture interface is supposed to be configured with an IP. The sensors configured by my predecessor are all have their packet capture interfaces configured with an IP that sits on the web server VLAN. The Cisco docs imply that this is unnecessary. Anyone have any experience with this?
The packet capture interface is not configured with an IP, nor is it bound to a protocol stack. This is done so that an attacker can not detect or access the interface.
The command and control interface is the only interface that should be accessible (bound to protocol stack and IP number assigned). We also recommend that the cmd and control interface be secured and not be on the same network as the sniffing interface.
In the IDS-4230 (and older NRS sensors) the sniffing interface is /dev/spwr0 and the command and control interface is /dev/iprb0.
On the slim blue IDS-4210 sensors the sniffing interface is /dev/iprb0 and the command and control interface is /dev/iprb1.
In packetd.conf you can set the NameOfPacketDevice (ie. the sniffing interface) to the keyword "auto" and packetd will detect the type of hardware and automatically set itself to monitor the correct interface.
However, if you place an ip address on /dev/spwr0 as your predecessor has done then you can not use the "auto" detect feature, you will have to enter /dev/spwr0 for the NameOfPacketDevice.
It is recommended and standard procedure not place an addree on the /dev/spwr0 interface, except in rare circumstances where diagnostic information needs to be gathered.
It is possible that he placed on ip on the interfaces for diagnostic purposes and then left them as is, and forgot to remove the ip address.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...