Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 13 Displaying and Capturing Live Traffic on an Interface
03:03:15.218814 802.1d config TOP_CHANGE 8000.00:04:9a:66:35:01.8025 root 8000.00:04:6d:f9:e8:82 pathcost 8 age 2 max 20 hello 2 fdelay 15
03:03:15.546866 IP 64.101.182.244.1978 > 10.89.130.108.23: P 0:2(2) ack 157 win 65535
03:03:15.546923 IP 10.89.130.108.23 > 64.101.182.244.1978: P 157:159(2) ack 2 win 5840
03:03:15.736377 IP 64.101.182.244.1978 > 10.89.130.108.23: . ack 159 win 65533
03:03:17.219612 802.1d config TOP_CHANGE 8000.00:04:9a:66:35:01.8025 root 8000.00:04:6d:f9:e8:82 pathcost 8 age 2 max 20 hello 2 fdelay 15
03:03:19.218535 802.1d config TOP_CHANGE 8000.00:04:9a:66:35:01.8025 root 8000.00:04:6d:f9:e8:82 pathcost 8 age 2 max 20 hello 2 fdelay 15
03:03:19.843658 IP 64.101.182.143.3262 > 10.89.130.23.445: P 3749577803:3749577856(53) ack 3040953472 win 64407
03:03:20.174835 IP 161.44.55.250.1720 > 10.89.130.60.445: S 3147454533:3147454533(0) win 65520 <mss 1260,nop,nop,sackOK>
03:03:21.219958 802.1d config TOP_CHANGE 8000.00:04:9a:66:35:01.8025 root 8000.00:04:6d:f9:e8:82 pathcost 8 age 2 max 20 hello 2 fdelay 15
03:03:21.508907 IP 161.44.55.250.1809 > 10.89.130.61.445: S 3152179859:3152179859(0) win 65520 <mss 1260,nop,nop,sackOK>
03:03:23.221004 802.1d config TOP_CHANGE 8000.00:04:9a:66:35:01.8025 root 8000.00:04:6d:f9:e8:82 pathcost 8 age 2 max 20 hello 2 fdelay 15
03:03:23.688099 IP 161.44.55.250.1975 > 10.89.130.63.445: S 3160484670:3160484670(0) win 65520 <mss 1260,nop,nop,sackOK>
03:03:25.219054 802.1d config TOP_CHANGE 8000.00:04:9a:66:35:01.8025 root 8000.00:04:6d:f9:e8:82 pathcost 8 age 2 max 20 hello 2 fdelay 15
03:03:25.846552 IP 172.20.12.10.2984 > 10.89.130.127.445: S 1345848756:1345848756(0) win 64240 <mss 1460,nop,nop,sackOK>
03:03:26.195342 IP 161.44.55.250.2178 > 10.89.130.65.445: S 3170518052:3170518052(0) win 65520 <mss 1260,nop,nop,sackOK>
03:03:27.222725 802.1d config TOP_CHANGE 8000.00:04:9a:66:35:01.8025 root 8000.00:04:6d:f9:e8:82 pathcost 8 age 2 max 20 hello 2 fdelay 15
03:03:27.299178 IP 161.44.55.250.2269 > 10.89.130.66.445: S 3174717959:3174717959(0) win 65520 <mss 1260,nop,nop,sackOK>
03:03:27.308798 arp who-has 161.44.55.250 tell 10.89.130.66
03:03:28.383028 IP 161.44.55.250.2349 > 10.89.130.67.445: S 3178636061:3178636061(0) win 65520 <mss 1260,nop,nop,sackOK>
--MORE--
Step 4  View any information about the packet file.

sensor# packet display file-info
Captured by: cisco:8874, Cmd: packet capture GigabitEthernet0/1
Start: 2003/01/07 00:12:50 UTC, End: 2003/01/07 00:15:30 UTC
sensor#
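
An added example, not part of the Cisco guide: a Python script that parses the text form of the packet display output shown in this procedure and reports any source that sends bare TCP SYNs to the same port on several distinct hosts, as 161.44.55.250 does toward port 445 in the sample. The function name syn_fanout and the min_hosts threshold are assumptions made for this example; the sample records are copied from the output above with terminal line wrapping undone.

```python
import re
from collections import defaultdict

# Sample records copied from the display output above, with terminal
# line wrapping undone so that each packet is on one line.
SAMPLE = """\
03:03:15.546866 IP 64.101.182.244.1978 > 10.89.130.108.23: P 0:2(2) ack 157 win 65535
03:03:15.736377 IP 64.101.182.244.1978 > 10.89.130.108.23: . ack 159 win 65533
03:03:19.843658 IP 64.101.182.143.3262 > 10.89.130.23.445: P 3749577803:3749577856(53) ack 3040953472 win 64407
03:03:20.174835 IP 161.44.55.250.1720 > 10.89.130.60.445: S 3147454533:3147454533(0) win 65520 <mss 1260,nop,nop,sackOK>
03:03:21.508907 IP 161.44.55.250.1809 > 10.89.130.61.445: S 3152179859:3152179859(0) win 65520 <mss 1260,nop,nop,sackOK>
03:03:23.688099 IP 161.44.55.250.1975 > 10.89.130.63.445: S 3160484670:3160484670(0) win 65520 <mss 1260,nop,nop,sackOK>
03:03:25.846552 IP 172.20.12.10.2984 > 10.89.130.127.445: S 1345848756:1345848756(0) win 64240 <mss 1460,nop,nop,sackOK>
03:03:26.195342 IP 161.44.55.250.2178 > 10.89.130.65.445: S 3170518052:3170518052(0) win 65520 <mss 1260,nop,nop,sackOK>
03:03:27.299178 IP 161.44.55.250.2269 > 10.89.130.66.445: S 3174717959:3174717959(0) win 65520 <mss 1260,nop,nop,sackOK>
03:03:27.308798 arp who-has 161.44.55.250 tell 10.89.130.66
03:03:28.383028 IP 161.44.55.250.2349 > 10.89.130.67.445: S 3178636061:3178636061(0) win 65520 <mss 1260,nop,nop,sackOK>
"""

# Record layout: timestamp IP src.sport > dst.dport: flags ...
RECORD = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<flags>\S+)"
)

def syn_fanout(text, min_hosts=3):
    """Return {(src, dport): sorted destinations} for sources that sent a
    bare SYN to the same port on at least min_hosts distinct hosts."""
    targets = defaultdict(set)
    for line in text.splitlines():
        m = RECORD.match(line)
        if m is None:  # 802.1d, arp, --MORE-- and other non-IP lines
            continue
        # "S" followed by an "ack" field is a SYN-ACK reply, not a new attempt.
        if m["flags"] != "S" or " ack " in line[m.end():]:
            continue
        targets[(m["src"], int(m["dport"]))].add(m["dst"])
    return {k: sorted(v) for k, v in targets.items() if len(v) >= min_hosts}

if __name__ == "__main__":
    for (src, port), hosts in syn_fanout(SAMPLE).items():
        print(f"{src} -> port {port}: SYN to {len(hosts)} hosts: {', '.join(hosts)}")
```

The same function can be run over display output saved to a text file; for the copied libpcap file itself, use a capture tool such as Wireshark or TCPDUMP.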
Copying the Packet File

Use the copy packet-file destination_url command to copy the packet file to an FTP or SCP server for saving or further analysis with another tool, such as Wireshark or TCPDUMP.

The following options apply:

packet-file—Specifies the locally stored libpcap file that you captured using the packet capture command.

destination_url—Specifies the location of the destination file to be copied. It can be a URL or a keyword.