16-5
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Chapter 16 Configuring NM-CIDS
Configuring Packet Capture
Step 6
Disconnect from the router:
router#
disconnect
Step 7
Press
Enter
to confirm the disconnection:
router# Closing connection to 10.16.0.0 [confirm] <Enter>
Telneting to NM-CIDS
You can also Telnet directly to the router with the port number corresponding to the NM-CIDS slot. Use
the address you established when configuring the loopback 0 interface in
Configuring IDS-Sensor
Interfaces on the Router, page 16-2
.
The port number is determined by the following formula: 2001 + 32 x slot number.
For example, for slot 1, the port number is 2033, for slot 2, it is 2065, and so forth.
To use Telnet to invoke a session to port 2033:
router#
telnet 10.16.0.0 2033
Configuring Packet Capture
You must enable the desired interfaces (including subinterfaces) on the router for packet monitoring. You
can select any number of interfaces or subinterfaces to be monitored. The packets sent and received on
these interfaces are forwarded to NM-CIDS for inspection. You enable and disable the interfaces through
the router CLI (Cisco IOS).
Note
If the router is performing encryption, the NM-CIDS receives the packets after decryption coming into
the router and before encryption leaving the router.
To configure packet capture on NM-CIDS, follow these steps:
Step 1
Log in to the router console.
Step 2
View your interface configuration:
router#
show run
Step 3
Identify the interfaces or subinterfaces that you want to monitor, for example, FastEthernet0/0.
Note
You can choose more than one interface or subinterface to monitor, but you can only edit one
interface at a time.
Step 4
Enter global configuration mode:
router#
configure terminal
Step 5
Specify the interface or subinterface:
router(config)#
interface FastEthernet0/0