
Cisco Router and Switch Forensics by Dale Liu


The Incident

Once on the scene, we first gathered the non-volatile information. Now we progress to the volatile information. What is in the router's memory? What changes occurred between the startup config and the running config? We will also look at the syslog messages sent from the router to the machines recording these messages. As noted in the configuration, two machines were collecting syslog messages, so we can compare and contrast the two machines and note any discrepancies.
The first things we get are the startup and running configs, and we see how they differ (if they differ):
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Instructor_rtr
!
boot-start-marker
boot-end-marker
!
no ...
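
The startup-versus-running comparison described above can be scripted once both configurations have been captured to text files. The following Python is an added example, not code from the book; the two configurations, the 192.0.2.x addresses, and the function names parse and compare are constructed for illustration. It keeps each indented sub-command paired with its parent section, so a changed line is reported with the section it belongs to.

```python
# Added example; STARTUP and RUNNING are constructed samples, not the book's capture.
STARTUP = """\
!
version 12.4
!
hostname Instructor_rtr
!
logging 192.0.2.10
logging 192.0.2.11
!
line vty 0 4
 transport input ssh
"""
RUNNING = """\
Building configuration...
Current configuration : 412 bytes
!
version 12.4
!
hostname Instructor_rtr
!
logging 192.0.2.10
!
line vty 0 4
 transport input telnet
"""
# Header lines printed by the show commands; they are not configuration.
NOISE = ("Building configuration", "Current configuration", "Using ")

def parse(text):
    """Return {(parent, command)}; parent is '' for global (column-0) lines."""
    entries, parent = set(), ""
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("!") or line.startswith(NOISE):
            continue
        if line[0] == " ":               # indented: sub-command of current section
            entries.add((parent, line.strip()))
        else:                            # global command or section header
            parent = line.rstrip()
            entries.add(("", parent))
    return entries

def compare(startup, running):
    """Return (only_in_running, only_in_startup) as sorted lists of pairs."""
    s, r = parse(startup), parse(running)
    return sorted(r - s), sorted(s - r)

if __name__ == "__main__":
    for label, items in zip(("running only", "startup only"), compare(STARTUP, RUNNING)):
        for parent, cmd in items:
            print(f"{label}: {parent + ' -> ' if parent else ''}{cmd}")
```

Lines reported only in the running config exist in memory alone and disappear at the next reload, so they should be recorded before the router is restarted.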
