Thursday 11 June 2020

reset cisco 2960

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-2950-series-switches/12040-pswdrec-2900xl.html#topic1

Wednesday 10 June 2020

download packet capture (pcap) file from FMC / FTD / firepower

Connect to the FTD sensor CLI.

Use "system support diagnostic-cli" to enter the ASA diagnostic CLI.

Set up your capture as normal and capture your traffic.

Once complete, run "copy /pcap capture: disk0:" to write the capture buffer to disk0: as a pcap file.

Now type exit twice to get out of the ASA CLI.

Type "expert".

cd to "/mnt/disk0"

cp MYCAP.pcap /ngfw/var/common

On the FMC web interface:

Devices -> hammer + wrench icon -> Advanced

Go into Advanced Troubleshooting -> File Download

Enter MYCAP.pcap and click Download.
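A sanity check worth running on the file once it has been downloaded from the FMC, added here as an example that is not from the Cisco doc or this post: it parses the pcap global header and walks every packet record, so a copy interrupted between disk0: and /ngfw/var/common, or a partial browser download, shows up as a clear truncation error rather than a confusing Wireshark view. The sample bytes are constructed, not a real capture; the magic values are the standard pcap ones (microsecond and nanosecond variants, either byte order).

```python
import struct

# Constructed sample: minimal little-endian pcap (magic 0xa1b2c3d4, version 2.4,
# snaplen 65535, linktype 1 = Ethernet) carrying two packets. Not a real capture.
SAMPLE_PCAP = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    + struct.pack("<IIII", 1591800000, 0, 4, 4) + b"\x00\x01\x02\x03"
    + struct.pack("<IIII", 1591800001, 500, 6, 6) + b"\x00\x11\x22\x33\x44\x55"
)

# Magic as read little-endian -> struct byte-order prefix for the rest of the file.
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">",   # microsecond timestamps
          0xA1B23C4D: "<", 0x4D3CB2A1: ">"}   # nanosecond timestamps


def check_pcap(data: bytes) -> dict:
    """Validate a pcap byte string and summarise it.

    Raises ValueError on a bad magic number or any truncated record; returns
    version, link type, snaplen, packet count and captured byte count otherwise.
    """
    if len(data) < 24:
        raise ValueError("file shorter than the 24-byte pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError(f"not a pcap file (magic 0x{magic:08x})")
    endian = MAGICS[magic]
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    off, count, captured = 24, 0, 0
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError(f"implausible record length at offset {off}")
        off += 16
        if off + incl_len > len(data):
            raise ValueError(f"truncated packet data at offset {off}")
        off += incl_len
        count += 1
        captured += incl_len
    return {"version": f"{major}.{minor}", "linktype": linktype,
            "snaplen": snaplen, "packets": count, "bytes": captured}


if __name__ == "__main__":
    print(check_pcap(SAMPLE_PCAP))
```

To check a real download, replace SAMPLE_PCAP with open("MYCAP.pcap", "rb").read().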

Saturday 6 June 2020

Deploying a Defensive Raspberry Pi

Raspberry Pi

BroIDS (6:18)
Dependencies

Doing the make on Bro takes a long time, around 45 mins.
Then make install.

GW
SPAN / mirror port

Critical Stack plugs into Bro.

Logstash (ELK stack)
inputs
filters
outputs

Elasticsearch (database)

Kibana
Visualization engine (pie charts)

https://github.com/travisfsmith/sweetsecurity


Updated:

Watching to make sure we are receiving packets:
watch ifconfig eth0


We can use BPF to whitelist certain traffic, Netflix traffic for example.

MikroTik routers can capture packets too.

We need a 64-bit OS to install RITA.

Looks like we can get a VDSL SFP for MikroTik.