Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 300

Configuring Packet Capture
Note
Configure the interface to copy network traffic to NM-CIDS:
Step 6
router(config-if)# ids-service-module monitoring
Note
Exit interface mode:
Step 7
router(config-if)# exit
Repeat Steps 3 though 6 for each interface or subinterface that you want to monitor.
Step 8
Exit global configuration mode:
Step 9
router(config)# exit
Verify that NM-CIDS is analyzing network traffic.
Step 10
Open a Telnet or SSH session to the external interface on NM-CIDS.
a.
Note
Log in to NM-CIDS.
b.
View the interface statistics to make sure the monitoring interface is up:
c.
nm-cids# show interface clear
nm-cids# show interface
MAC statistics from interface FastEthernet0/1
Repeat Step c to see the counters gradually increasing. This indicates that NM-CIDS is receiving
d.
network traffic.
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
16-6
The traffic comes from one of the router's interfaces.
Use the no ids-service-module monitoring command to turn off monitoring.
SSH requires allowed hosts. For the procedure, see
page 4-31.
Media Type = backplane
Missed Packet Percentage = 0
Inline Mode = Unpaired
Pair Status = N/A
Link Status = Up
Link Speed = Auto_100
Link Duplex = Auto_Full
Total Packets Received = 23
Total Bytes Received = 1721
Total Multicast Packets Received = 0
Total Broadcast Packets Received = 0
Total Jumbo Packets Received = 0
Total Undersize Packets Received = 0
Total Receive Errors = 0
Total Receive FIFO Overruns = 0
Total Packets Transmitted = 2
Total Bytes Transmitted = 120
Total Multicast Packets Transmitted = 0
Total Broadcast Packets Transmitted = 0
Total Jumbo Packets Transmitted = 0
Total Undersize Packets Transmitted = 0
Total Transmit Errors = 0
Total Transmit FIFO Overruns = 0
Chapter 16 Configuring NM-CIDS
Adding Hosts to the Known Hosts List,
78-16527-01