
Cisco ASA Packet Capture

General Information

It is very useful to capture packets directly on an ASA Firewall for troubleshooting purposes.

Checklist

  • ASA Firewall
  • Actual traffic to capture

In this example, we are interested in traffic between two hosts: 192.168.1.134 and 192.168.5.56. You could also narrow the filter down to specific ports, but then you risk missing traffic.

1) Create the ACL to narrow down interesting traffic:

asa(config)#
access-list acl-capin extended permit ip host 192.168.1.134 host 192.168.5.56
access-list acl-capin extended permit ip host 192.168.5.56 host 192.168.1.134

2) Create and start the packet capture, using the ACL created above as the filter:

capture <capture-name> interface <interface-name> access-list <access-list-name>

capture capin interface Inside access-list acl-capin

3) View names of all captures that are created

show capture

4) View content of specific capture

show capture capin

5) Clear capture content

clear capture capin

6) Delete capture

no capture capin

Don't forget to remove the now unused ACL.
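
The output of step 4 can be checked mechanically for the usual troubleshooting question: is traffic seen in both directions between the two hosts? The script below is an added example, not part of the original wiki page; the sample lines are constructed, and the line layout of "show capture" output is an assumption based on typical ASA output.

```python
import re
from collections import Counter

# Constructed sample, laid out like "show capture capin" output (assumed layout:
# "<n>: <time> <src>[.<port>] > <dst>[.<port>]: <details>"); not from the page.
SAMPLE = """\
4 packets captured

   1: 23:41:07.120331       192.168.1.134.51514 > 192.168.5.56.443: S 101:101(0) win 8192 <mss 1460>
   2: 23:41:10.121102       192.168.1.134.51514 > 192.168.5.56.443: S 101:101(0) win 8192 <mss 1460>
   3: 23:41:16.122954       192.168.1.134.51514 > 192.168.5.56.443: S 101:101(0) win 8192 <mss 1460>
   4: 23:41:20.000412       192.168.1.134 > 192.168.5.56: icmp: echo request
4 packets shown
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
PACKET = re.compile(
    r"^\s*\d+:\s+[\d:.]+\s+" + IP + r"(?:\.(\d+))?\s+>\s+" + IP + r"(?:\.(\d+))?:?\s+(.*)$"
)


def summarize(text, host_a, host_b):
    """Per-direction packet counts plus TCP SYNs that were sent more than once."""
    counts = Counter()
    syns = Counter()
    for line in text.splitlines():
        m = PACKET.match(line)
        if not m:
            continue  # header/footer lines such as "4 packets captured"
        src, sport, dst, dport, details = m.groups()
        if {src, dst} != {host_a, host_b}:
            continue  # not part of the conversation the ACL selects
        counts[(src, dst)] += 1
        # A bare SYN shows as flag "S" with no "ack" field; a SYN-ACK carries "ack".
        if sport and details.startswith("S ") and " ack " not in details:
            syns[(src, sport, dst, dport)] += 1
    a_to_b, b_to_a = counts[(host_a, host_b)], counts[(host_b, host_a)]
    return {
        "a_to_b": a_to_b,
        "b_to_a": b_to_a,
        "one_way": (a_to_b == 0) != (b_to_a == 0),  # traffic seen in one direction only
        "retried_syns": {flow: n for flow, n in syns.items() if n > 1},
    }


if __name__ == "__main__":
    print(summarize(SAMPLE, "192.168.1.134", "192.168.5.56"))
```

A one-way result with repeated SYNs means the return traffic never reached the captured interface, so the next capture belongs on the interface facing 192.168.5.56.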

  • Last modified: 2019/05/25 23:50