IDS mailing list archives
Re: Snoop on Cisco IDS (Was: CISCO IDS Packet capture)
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Fri, 16 Apr 2004 07:05:03 +1200
On Thu, Apr 08, 2004 at 03:11:20PM -0400, Alex Arndt wrote:
> The new version (v4.0 or newer) runs on top of Red Hat Linux, so it would use tcpdump instead of snoop. Unfortunately, just as Chad Skipper pointed out in another reply, you can't run the IDS software and tcpdump at the same time (unlike snoop and IDS in v3.1 and older).

Does anyone know why that is? I routinely run tcpdump, snort and ethereal simultaneously on the same interface under Linux. The pcap stuff takes care of any issues, so what's so different about Cisco's "Linux"?

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1