Cisco Support Community
Community Member

What's the Name of the Packet capturing device on a 4235,4250

On the 4210 the Packet Capturing device is called /dev/iprb0

What is it called on the new platforms 4235 and 4250?

Regards

Per

3 REPLIES
Cisco Employee

Re: What's the Name of the Packet capturing device on a 4235,425

The 4235 and 4250 use the /dev/e1000g0 driver. If you have the 4250sx version (fiber card) then the driver is /dev/e1000g2.

If you set the NameOfPacketDevice to "auto" it will auto detect these for you. By setting this to auto, packetd will check to see if you have a fiber card first and set this as the sniffing interface; otherwise it would select the e1000g0 interface.

Community Member

Re: What's the Name of the Packet capturing device on a 4235,425

I don't know what it is called on the 4235, but I know it is called "/dev/fastethernet1" on the 4250.

If you're using CSPM, nr.packetd will not be running.

Because it was removed from the /usr/nr/etc/daemon file.

I added it manually and restarted ids, then everything went fine.

Cisco Employee

Re: What's the Name of the Packet capturing device on a 4235,425

Set NameOfPacketDevice to "auto" and nr.packetd will figure out what the sniffing interface is.

On the IDS-4235 and IDS-4250-TX, /dev/e1000g0 is the interface. On an IDS-4250-SX it is /dev/e1000g2.

So you know:

Nr.packetd is disabled on the sensor initially. This is to prevent the sensor from generating a bunch of alarms and holding them in queue before being added to CSPM. When added to CSPM the sensor would send all of the queued alarms, and could flood the CSPM console with old information from untuned alarms.

The first time you push a configuration from CSPM, it will enable nr.packetd (put it in the daemons file) and use the default device name "auto".

By waiting to start nr.packetd, it gives the user a chance to tune the sensor through CSPM before being flooded with alarms they would have filtered out anyway.
