Cisco IPS-4255-K9 Installation Guide - Page 331
Software Upgrades, Upgrading and Analysis Engine, A-54
UPC - 746320951096
View all Cisco IPS-4255-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 331 highlights
Chapter A Troubleshooting Troubleshooting the Appliance Step 3 Step 4 Step 5 Step 6 Step 7 specify-ip-payload-length no specify-ip-header-length no specify-ip-tos MORE-- Exit signature definition submode. sensor(config-sig-sig-ato)# exit sensor(config-sig-sig)# exit sensor(config-sig)# exit Apply Changes:?[yes]: Press Enter to apply the changes or type no to discard them. Make sure the correct alarms are being generated. sensor# show events alert evAlert: eventId=1047575239898467370 severity=medium originator: hostId: sj_4250_40 appName: sensorApp appInstanceId: 1004 signature: sigId=20000 sigName=STRING.TCP subSigId=0 version=Unknown addr: locality=OUT 172.16.171.19 port: 32771 victim: addr: locality=OUT 172.16.171.13 port: 23 actions: tcpResetSent: true Make sure the switch is allowing incoming TCP reset packet from the sensor. Refer to your switch documentation for more information. Make sure the resets are being sent. root# ./tcpdump -i eth0 src host 172.16.171.19 tcpdump: WARNING: eth0: no IPv4 address assigned tcpdump: listening on eth0 13:58:03.823929 172.16.171.19.32770 > 172.16.171.13.telnet: R 79:79(0) ack 62 win 0 13:58:03.823930 172.16.171.19.32770 > 172.16.171.13.telnet: R 80:80(0) ack 62 win 0 13:58:03.823930 172.16.171.19.32770 > 172.16.171.13.telnet: R 80:80(0) ack 62 win 0 13:58:03.823930 172.16.171.19.32770 > 172.16.171.13.telnet: R 80:80(0) ack 62 win 0 Software Upgrades This section helps in troubleshooting software upgrades. It contains the following topics: • Upgrading and Analysis Engine, page A-54 • Which Updates to Apply and Their Prerequisites, page A-54 OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-53