IDS mailing list archives

RE: CISCO IDS Packet capture


From: "Strand, John" <John.Strand () mms gov>
Date: Tue, 6 Apr 2004 08:56:42 -0600


First off, thanks for all of your responses thus far.

I am currently looking into what Paul Schnake sent me. It looks like it
might be what I need.

I am looking to see if the system can log or export the offending packet.
Within that I would like to see at least the header information and, as an
added bonus, maybe some of the payload to be sifted through tcpdump or
Ethereal. We have been using the context buffer for a while and that is
great; however, in some situations we wanted to see more data.

-----Original Message-----
From: Scherer, Brian [mailto:BScherer () dialamerica com] 
Sent: Tuesday, April 06, 2004 8:44 AM
To: Strand, John
Subject: RE: CISCO IDS Packet capture


I didn't know you could do a packet capture with the IDS, but I know if
you go into Security Monitor, then Event Viewer, and right-click on the
sig name, you can view the context buffer. What type of logging are you
trying to do?
-Brian-

-----Original Message-----
From: Strand, John [mailto:John.Strand () mms gov] 
Sent: Friday, April 02, 2004 8:36 AM
To: focus-ids () securityfocus com
Subject: CISCO IDS Packet capture


Hello All,

Does anyone know how to enable some level of packet capture and logging
on the CISCO IDS system (the newer version which interfaces with
CiscoWorks and can run on Win2K)? I have hunted through the CISCO-provided
PDFs and they're a little on the light side. I have also hit the usual
suspects: Google, CISCO groups, etc.

Thanks in advance for any help.


js
