IDSM-2 Packet Capture - Only Seeing Uni-Directional Traffic
To whom it may concern,
Good day; I hope everyone's week is going well thus far. I have a question regarding packet captures on an IDSM2. Oftentimes when I perform a capture on an IDSM2, I only see one side of the traffic; for example, I only see the return traffic from the destination. See below for an example; I attempted to ping an asset on the other side of the IPS sensor and I only see the echo reply traffic, not the echo request traffic originating from my workstation.
I see this when I capture through the CLI or IDM. Has anyone else seen this as well? Is there a trick to ensuring I am capturing the traffic bi-directionally? Thank you!
iull03m-1# packet display gigabitEthernet0/7 expression vlan 3 and host 10.xx.251.209
Warning: This command will cause significant performance degradation
tcpdump: WARNING: ge0_7: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ge0_7, link-type EN10MB (Ethernet), capture size 65535 bytes
16:59:18.574409 IP 10.xx.59.34 > 10.xx.251.209: ICMP echo reply, id 512, seq 38677, length 40
16:59:19.576836 IP 10.xx.59.34 > 10.xx.251.209: ICMP echo reply, id 512, seq 38933, length 40