{"id":270,"date":"2008-11-30T13:49:32","date_gmt":"2008-11-30T21:49:32","guid":{"rendered":"http:\/\/raffy.ch\/blog\/2008\/11\/30\/cisco-router-forensics\/"},"modified":"2008-11-30T13:49:58","modified_gmt":"2008-11-30T21:49:58","slug":"cisco-router-forensics","status":"publish","type":"post","link":"https:\/\/raffy.ch\/blog\/2008\/11\/30\/cisco-router-forensics\/","title":{"rendered":"CISCO Router Forensics"},"content":{"rendered":"<p>I just came across this list of commands to capture the state of a CISCO router. I wanted to capture this and maybe inspire someone to build an application for <a href=\"http:\/\/splunk.com\">Splunk<\/a>. It would be interesting to build a set of expect scripts that go out and capture this information into Splunk. You can then use the information for forensics, but also for change management. By building alerts you could even alert on unauthorized or potentially malicious changes. If you are interested in building an application, let me know. I&#8217;d be happy to help.<\/p>\n<p>A few practical points when running the list: keep the terminal session logged so the raw output is preserved, take the clock first and the volatile items (logged-in users, processes, sockets, the ARP and NAT tables) before long-running dumps such as show tech-support, and do not reload the device or write the configuration while collecting.<\/p>\n<pre>show clock detail\r\nshow version\r\nshow running-config\r\nshow startup-config\r\nshow reload\r\nshow users\r\nshow who\r\nshow log\r\nshow debug\r\nshow stack\r\nshow context\r\nshow tech-support\r\nshow processes\r\nshow processes cpu\r\nshow processes memory\r\ndir bootflash: (contents of bootflash)\r\nshow ip route\r\nshow ip ospf\r\nshow ip ospf summary\r\nshow ip ospf neighbor\r\nshow ip bgp summary\r\nshow cdp neighbors\r\nshow ip arp\r\nshow interfaces\r\nshow ip interface\r\nshow tcp brief all\r\nshow ip sockets\r\nshow ip nat translations verbose\r\nshow ip cache flow\r\nshow ip cef\r\nshow snmp\r\nshow snmp user\r\nshow snmp group\r\nshow snmp sessions\r\nshow file descriptors<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>I just came across this list of commands to capture the state of a CISCO router. I wanted to capture this and maybe inspire someone to build an application for Splunk. It would be interesting to build a set of expect scripts that go out and capture this information into Splunk. You can then use [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[16,18,17],"class_list":["post-270","post","type-post","status-publish","format-standard","hentry","category-security-information-management","tag-cisco","tag-forensics","tag-router"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts\/270","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/comments?post=270"}],"version-history":[{"count":0,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts\/270\/revisions"}],"wp:attachment":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/media?parent=270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/categories?post=270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/tags?post=270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
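The post above proposes scripting the command list into a log platform and alerting on changes. The following is an added example, written for this page and not code from the original post or from Splunk, of the collection and change-detection logic behind that idea: it runs a subset of the listed commands in volatility order, records a SHA-256 digest per output so a capture can later be shown to be unaltered, emits one JSON event per command for indexing, and diffs two captures while ignoring the config lines IOS rewrites on its own. The transport is an assumption: the `run(command)` callable would wrap an SSH or expect session in production, and here a fake runner answering from constructed sample output (not from a real device) stands in so the code runs offline.

```python
"""Collect Cisco IOS "show" output in volatility order, hash each capture,
emit one JSON event per command, and diff two captures for alerting.
Added example; the transport (`run`) and all sample output are assumptions."""
import difflib
import hashlib
import json
from datetime import datetime, timezone

# Subset of the post's list, most volatile first: clock first so the rest can
# be tied to wall time; tables that decay in minutes (users, processes, TCP
# sessions, ARP, NAT) before configuration, which only changes when changed.
CAPTURE_ORDER = [
    "show clock detail",
    "show users",
    "show processes cpu",
    "show tcp brief all",
    "show ip arp",
    "show ip nat translations verbose",
    "show ip route",
    "show log",
    "show running-config",
    "show startup-config",
    "show version",
]

# Only these should be identical between captures unless the router was
# reconfigured or reloaded, so only these are diffed for alerting.
STABLE = {"show running-config", "show startup-config", "show version"}

# Config lines IOS rewrites on its own; diffing them produces false alerts.
NOISY_PREFIXES = ("Building configuration", "Current configuration",
                  "ntp clock-period")


def normalize_config(text):
    """Drop header and auto-updated lines so a diff shows real changes."""
    return [line for line in text.splitlines()
            if not line.strip().startswith(NOISY_PREFIXES)]


def capture(run, host, commands=CAPTURE_ORDER, now=None):
    """Run each command in order; keep output, time and a SHA-256 digest."""
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    entries = []
    for cmd in commands:
        out = run(cmd)
        entries.append({"host": host, "command": cmd, "captured_at": stamp,
                        "sha256": hashlib.sha256(out.encode()).hexdigest(),
                        "output": out})
    return entries


def verify(entries):
    """Recompute digests; False means stored output no longer matches."""
    return all(hashlib.sha256(e["output"].encode()).hexdigest() == e["sha256"]
               for e in entries)


def to_events(entries):
    """One JSON object per command, one line each, ready to be indexed."""
    return [json.dumps(e, sort_keys=True) for e in entries]


def diff_captures(old, new):
    """Map each STABLE command that changed to its unified-diff lines."""
    previous = {e["command"]: e["output"] for e in old}
    changes = {}
    for e in new:
        cmd = e["command"]
        if cmd not in STABLE or cmd not in previous:
            continue
        delta = list(difflib.unified_diff(
            normalize_config(previous[cmd]), normalize_config(e["output"]),
            "previous", "current", lineterm=""))
        if delta:
            changes[cmd] = delta
    return changes


def make_runner(table):
    """Fake transport (assumption): answer from a dict of constructed output."""
    return lambda cmd: table.get(cmd, "% Invalid input detected at '^' marker.")


# Constructed sample outputs, not taken from a real device.
BASELINE = {
    "show clock detail": "*14:02:11.307 UTC Sun Nov 30 2008\nTime source is NTP",
    "show users": "    Line       User       Host(s)   Idle       Location\n"
                  "*  0 con 0     admin      idle      00:00:00",
    "show running-config": "Building configuration...\n\n"
                           "Current configuration : 1180 bytes\n!\n"
                           "hostname edge1\n!\n"
                           "snmp-server community r3adonly RO\n"
                           "ntp clock-period 17180110\nend",
    "show version": "Cisco IOS Software, Version 12.4(15)T",
}
# The same router later: the NTP line drifted (benign) and a read-write SNMP
# community appeared (the kind of change worth an alert).
CHANGED = dict(BASELINE)
CHANGED["show running-config"] = BASELINE["show running-config"].replace(
    "ntp clock-period 17180110", "ntp clock-period 17180097").replace(
    "r3adonly RO\n", "r3adonly RO\nsnmp-server community public RW\n")
```

Usage: `before = capture(make_runner(BASELINE), "edge1")`, `after = capture(make_runner(CHANGED), "edge1")`, then `diff_captures(before, after)` returns only the running-config diff with the added SNMP line and without the NTP drift, `to_events(before)` gives the lines to index, and `verify(before)` confirms the stored outputs still match their digests. Commands not in `STABLE` are captured for the forensic record but deliberately not diffed, since their output changes every time.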