Cisco ASA Packet Capture

General Information

It is very useful to captures packets directly on an ASA Firewall for troubleshooting purposes.


  • ASA Firewall
  • Actual traffic to capture

In this example, we are interested in traffic between two hosts; and You could also narrow it down to ports, but risk missing traffic.

1) Create the ACL to narrow down interesting traffic:

access-list acl-capin extended permit ip host host
access-list acl-capin extended permit ip host host

2) Create and start packet capture using the ACL created above for filtering.

capture <capture-name> interface <interface-name> access-list <access-list-name>

capture capin interface Inside access-list acl-capin

3) View names of all captures that are created

show capture

4) View content of specific capture

show capture capin

5) Clear capture content

clear capture capin

6) Delete capture

no capture capin

Don't forget to remove the now unused ACL.

  • security_wiki/cisco_asa_packet_capture.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)