Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Verify IDS reset connection

I just want to verify that a session was reset when it appears. I have setup a signature to be reset. It shows up as an alarm, just want to make sure the resets are happening.



Cisco Employee

Re: Verify IDS reset connection

We don't have a way to currently tell you whether or not the TCP Resets were executed or whether or not they were successful.

It has been requested by users and is being evaluated for inclusion in a future sensor version.

For a workaround you could try the following for a few specific instances:

Set the signature action to both TCP Resets and IPLOG.

Then when the signature fires the connection should be reset. After the signature fires all packets to and from the source address will be IPLOGGED. Then you can check the IPLOG with a program like ethereal (see to view the packets in the log file. See if any more packets came in on the same connection that the alarm fired on.

Note: There may be several connections from the source address that in the IPLOG file so you will need to check for the same addresses and ports from the connection that created the alarm.

CreatePlease login to create content