Friday, February 27, 2009

Cisco ASA Packet Captures

Configuring Packet Captures

1. Setup ACL for the traffic you want:



access-list cap_acl line 1 extended permit ip any host 10.8.15.100



2. Setup capture for the acl



capture type raw-data access-list cap_acl interface



3. Get the output



show cap

capture packet-length 1500

This will capture the whole packet

Show capture detail - will show more info

Show capture dump – will show packet

To send to pcap tftp

PIX# copy /pcap capture: tftp:

To view the capture in a browser:
"https://firewall_ip/pcap/capture_name"



Posted by Jerome at 8:02 AM
Labels: ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)