
RE: [ISSForum] Proventia Devices (Fiber packet captures)



If the Proventia has any of the same features as the Sentry, you may be able to set the advanced parameter "packetlog.filesuffix=.tcp" and store the captures in TCPdump format instead.



-Tom
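
A way to check which of the two formats mentioned in this thread a downloaded packet log is actually in (Microsoft Network Monitor or tcpdump/libpcap), by reading the file's magic number. This is an added example, not part of the original messages or ISS tooling; the function names and the sample headers are constructed for illustration.

```python
import struct

# Magic numbers found at offset 0 of each capture format.
NETMON_MAGIC = {b"RTSS": "1.x", b"GMBU": "2.x"}          # Network Monitor
PCAP_MAGIC = {0xA1B2C3D4: "microsecond",                 # tcpdump/libpcap
              0xA1B23C4D: "nanosecond"}

def identify_capture(header: bytes) -> dict:
    """Classify a capture file from its first 24 bytes."""
    if len(header) < 4:
        return {"format": "unknown", "reason": "shorter than 4 bytes"}
    magic = header[:4]
    if magic in NETMON_MAGIC:
        return {"format": "netmon", "generation": NETMON_MAGIC[magic]}
    # A pcap file is written in the byte order of the capturing host,
    # so the magic has to be tried both ways.
    for prefix, order in (("<", "little"), (">", "big")):
        (value,) = struct.unpack(prefix + "I", magic)
        if value in PCAP_MAGIC:
            info = {"format": "pcap", "byte_order": order,
                    "timestamps": PCAP_MAGIC[value]}
            if len(header) >= 24:
                # Rest of the pcap global header: version, zone, sigfigs,
                # snapshot length, link-layer type.
                major, minor, _zone, _sigfigs, snaplen, linktype = \
                    struct.unpack(prefix + "HHiIII", header[4:24])
                info.update(version=f"{major}.{minor}", snaplen=snaplen,
                            linktype=linktype)
            return info
    return {"format": "unknown", "reason": "unrecognized magic " + magic.hex()}

def identify_file(path: str) -> dict:
    """Read only the header of a capture file and classify it."""
    with open(path, "rb") as fh:
        return identify_capture(fh.read(24))

# Constructed sample headers (not taken from a real appliance).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_NETMON = b"GMBU" + bytes(20)

if __name__ == "__main__":
    for name, hdr in (("sample.tcp", SAMPLE_PCAP), ("sample.enc", SAMPLE_NETMON)):
        print(name, identify_capture(hdr))
```
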

-----Original Message-----
From: issforum-admin@xxxxxxx [mailto:issforum-admin@xxxxxxx]On Behalf Of
ISS Technical Support
Sent: Wednesday, January 28, 2004 8:58 AM
To: HACKER, ERIC W; Reeves, Mike; issforum@xxxxxxx
Subject: RE: [ISSForum] Proventia Devices (Fiber packet captures)


Mike,

Since all of the Proventia appliances (including A1204F) except the A201 utilize stealth Ethernet drivers, you cannot use tcpdump to monitor the traffic on these ports. In order to capture traffic seen by the monitoring interfaces, set the packetlog.enabled advanced parameter to "true" and download the .enc files through the "Download Logs" option of SiteProtector. These files are in Microsoft Network Monitor format and can be examined with any packet capture tool.

Jeff

-----Original Message-----
From: issforum-admin@xxxxxxxxxxxxxxxx On Behalf Of HACKER, ERIC W
Sent: Tuesday, January 27, 2004 10:35 PM
To: Reeves, Mike; issforum@xxxxxxxxxxxxxxxx
Subject: RE: [ISSForum] Proventia Devices (Fiber packet captures)


One issue with the multiport Proventias (A604 and A1204) is the inability to
do raw packet captures on the IDS interfaces with tcpdump or the like. When
one does an ifconfig the fiber interfaces are not even listed.

This is a serious impediment to troubleshooting IDS issues as well as
testing the installation in a complex environment.

If I had thought to test that before we started deploying them, I might not
have ordered any.

Eric Hacker, Enterprise Security Information Architect, FleetBoston
Financial


> -----Original Message-----
> From: Reeves, Mike [mailto:Mike.Reeves@xxxxxx]
> Sent: Tuesday, December 30, 2003 3:51 PM
> To: 'issforum@xxxxxxx'
> Subject: [ISSForum] Proventia Devices
> 
> Anyone have any good or bad experiences dealing with Proventia? Looking for
> information on grunt level management of the devices, such as maintaining
> the device, updating it, wacky issues etc.
> 
> Thanks,
> 
> Mike

_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
