topic IPS 4255 - Network Sniffer? in Network Security https://community.cisco.com/t5/network-security/ips-4255-network-sniffer/m-p/679577#M87533 <P>one of my network engineers has asked if I can use our IPS device as a sniffer to identify specific host to host traffic via a specific port. I am somewhat new to IPS and am looking for some direction</P><P></P><P>Thanks,</P><P>Dave</P> Sun, 10 Mar 2019 10:27:59 GMT davegon69 2019-03-10T10:27:59Z IPS 4255 - Network Sniffer? https://community.cisco.com/t5/network-security/ips-4255-network-sniffer/m-p/679577#M87533 <P>one of my network engineers has asked if I can use our IPS device as a sniffer to identify specific host to host traffic via a specific port. I am somewhat new to IPS and am looking for some direction</P><P></P><P>Thanks,</P><P>Dave</P> Sun, 10 Mar 2019 10:27:59 GMT https://community.cisco.com/t5/network-security/ips-4255-network-sniffer/m-p/679577#M87533 davegon69 2019-03-10T10:27:59Z Re: IPS 4255 - Network Sniffer? https://community.cisco.com/t5/network-security/ips-4255-network-sniffer/m-p/679578#M87534 <HTML><HEAD></HEAD><BODY><P>Yes, you can use an IPS for sniffing the packets. Refer the following URL for more information,</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00807517b1.html" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00807517b1.html</A></P></BODY></HTML> Fri, 16 Feb 2007 21:00:27 GMT https://community.cisco.com/t5/network-security/ips-4255-network-sniffer/m-p/679578#M87534 s.jankowski 2007-02-16T21:00:27Z Re: IPS 4255 - Network Sniffer? https://community.cisco.com/t5/network-security/ips-4255-network-sniffer/m-p/679579#M87535 <HTML><HEAD></HEAD><BODY><P>Yes, but there are some limitations. Probably the best way to do this is via the CLI. Login with a normal account on the sensor (not a service account). Use the packet capture command:</P><P></P><P>sensor# packet capture gigabitEthernet0/0 expression <EXPRESSION></EXPRESSION></P><P></P><P>where <EXPRESSION> is a tcpdump expression. So:</EXPRESSION></P><P>sensor# packet capture gigabitEthernet0/0 expression host 192.168.1.1 and port 80</P><P></P><P>To get the capture off the sensor, use the "copy packet-file" command. The biggest limitation is the size. I think it's something like 15MB, which isn't always big enough.</P></BODY></HTML> Fri, 16 Feb 2007 21:21:40 GMT https://community.cisco.com/t5/network-security/ips-4255-network-sniffer/m-p/679579#M87535 mhellman 2007-02-16T21:21:40Z