Re: What's the Name of the Packet capturing device on a 4235,425

per.nielsen · ‎09-10-2002

On the 4210 the Packet Capturing device is called /dev/iprb0

what is it called on the new platforms 4235 and 4250

regards

Per

gbrother · ‎09-11-2002

The 4235 and 4250 use the /dev/e1000g0 driver. If you have the 4250sx version (fiber card) then the driver is /dev/e1000g2.

If you set the NameOfPacketDevice to "auto" it will auto detect these for you. By setting this to auto packetd will check to see if you have a fiber card first and set this as the sniffing interface otherwise it would select the e1000g0 interface.

jason_tsai · ‎09-13-2002

I don't know what is it called on 4235, but I know it called "/dev/fastethernet1" on 4250.

If you're using CSPM, the nr.packetd will not running.

Because it was removed from the /usr/nr/etc/daemon file.

I added it manually and restart ids then everything goes fine.

marcabal · ‎09-13-2002

Set NameOfPacketDevice to "auto" and nr.packetd will figure out what the sniffing interface is.

On the IDS-4235 and IDS-4250-TX /dev/e1000g0 is the interface. On a IDS-4250-SX /dev/e1000g2

So you know:

Nr.packetd is disabled on the sensor initially. This is to prevent the sensor from generating a bunch of alarms and holding them in queue before being added to CSPM. When added to CSPM the sensor would send all of the queued alarms, and could flood the CSPM console with old information from untuned alarms.

The first time you push a configuration from CSPM, it will enable nr.packetd (put it in the daemons file) and use the default device name "auto".

By waiting to start nr.packetd, it gives the user a chance to tune the sensor through CSPM before being flooded with alarms they would have filtered out anyway.

What's the Name of the Packet capturing device on a 4235,4250