Differences
This shows you the differences between two versions of the page.
security_wiki:cisco_asa_packet_capture [2014/11/18 22:16] billdozor created |
security_wiki:cisco_asa_packet_capture [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Cisco ASA Packet Capture ====== | ||
- | It is very useful to captures packets directly on an ASA Firewall for troubleshooting purposes. | ||
- | In this example, we are interested in traffic between two hosts; 192.168.1.134 and 192.168.5.56. | ||
- | You could also narrow it down to ports, but risk missing traffic. | ||
- | |||
- | 1) Create the ACL to narrow down interesting traffic: | ||
- | < | ||
- | asa(config)# | ||
- | access-list acl-capin extended permit ip host 192.168.1.134 host 192.168.5.56 | ||
- | access-list acl-capin extended permit ip host 192.168.5.56 host 192.168.1.134 | ||
- | </ | ||
- | |||
- | 2) Create and start packet capture using the ACL created above for filtering. | ||
- | |||
- | capture < | ||
- | < | ||
- | capture capin interface Inside access-list acl-capin | ||
- | </ | ||
- | |||
- | 3) View names of all captures that are created | ||
- | < | ||
- | show capture | ||
- | </ | ||
- | |||
- | 4) View content of specific capture | ||
- | < | ||
- | show capture capin | ||
- | </ | ||
- | |||
- | 5) Clear capture content | ||
- | < | ||
- | clear capture capin | ||
- | </ | ||
- | |||
- | 6) Delete capture | ||
- | < | ||
- | no capture capin | ||
- | </ | ||
- | |||
- | Don't forget to remove the now unused ACL. |
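Review bot: the right-hand revision (2019/05/25 23:50) is empty, so this change deletes the whole capture procedure, steps 1 through 6 plus the ACL cleanup reminder, with no replacement text, redirect or edit summary visible. If the page was moved, link the new location; otherwise restore it. If it is restored, two gaps in the removed text are worth fixing: the syntax line under step 2 stops at "capture <" with its placeholders lost, and the closing line "Don't forget to remove the now unused ACL." gives no command for removing acl-capin, so the two permit entries from step 1 are easy to leave behind after the capture is deleted.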