Cisco ASA Packet Capture
General Information
Capturing packets directly on an ASA firewall is very useful for troubleshooting.
Checklist
- ASA Firewall
- Actual traffic to capture
The Example
In this example, we are interested in traffic between two hosts: 192.168.1.134 and 192.168.5.56. You could also narrow the filter down to ports, but you risk missing traffic.
1) Create the ACL to narrow down interesting traffic:
asa(config)# access-list acl-capin extended permit ip host 192.168.1.134 host 192.168.5.56
asa(config)# access-list acl-capin extended permit ip host 192.168.5.56 host 192.168.1.134
2) Create and start the packet capture, using the ACL created above as the filter:
capture <capture-name> interface <interface-name> access-list <access-list-name>
capture capin interface Inside access-list acl-capin
3) View the names of all captures that have been created
show capture
4) View content of specific capture
show capture capin
5) Clear capture content
clear capture capin
6) Delete capture
no capture capin
Don't forget to remove the now-unused ACL.
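
Once "show capture capin" returns data, the first troubleshooting question is usually whether both directions permitted by acl-capin were actually seen on the interface. The Python sketch below is an added example, not part of the original page; it assumes the tcpdump-like line layout shown in its comment, and the sample output is constructed for illustration.

```python
import re

# Assumed layout of a "show capture <name>" packet line (adjust if your ASA
# release prints it differently):
#   "   1: 10:15:01.100001 192.168.1.134.51000 > 192.168.5.56.443: S ..."
# The trailing ".port" is absent for ICMP, so it is optional here.
IP = r"\d+\.\d+\.\d+\.\d+"
LINE = re.compile(
    rf"^\s*\d+:\s+\S+\s+(?P<src>{IP})(?:\.\d+)?\s+>\s+(?P<dst>{IP})(?:\.\d+)?:"
)

def direction_counts(output, host_a, host_b):
    """Count captured packets per direction between host_a and host_b."""
    counts = {"a_to_b": 0, "b_to_a": 0, "other": 0}
    for line in output.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner lines such as "3 packets captured", blanks
        pair = (m["src"], m["dst"])
        if pair == (host_a, host_b):
            counts["a_to_b"] += 1
        elif pair == (host_b, host_a):
            counts["b_to_a"] += 1
        else:
            counts["other"] += 1
    return counts

def diagnose(counts):
    """Turn the per-direction counts into a short troubleshooting hint."""
    if counts["a_to_b"] and counts["b_to_a"]:
        return "two-way: both directions seen on this interface"
    if counts["a_to_b"] or counts["b_to_a"]:
        return "one-way: only one direction seen on this interface"
    return "empty: check the ACL, the interface name, and that traffic is flowing"

# Constructed sample: three SYN retransmissions and no reply.
SAMPLE = """\
3 packets captured
   1: 10:15:01.100001 192.168.1.134.51000 > 192.168.5.56.443: S 1000:1000(0) win 8192
   2: 10:15:04.100300 192.168.1.134.51000 > 192.168.5.56.443: S 1000:1000(0) win 8192
   3: 10:15:10.100900 192.168.1.134.51000 > 192.168.5.56.443: S 1000:1000(0) win 8192
3 packets shown
"""

if __name__ == "__main__":
    c = direction_counts(SAMPLE, "192.168.1.134", "192.168.5.56")
    print(c, "->", diagnose(c))
```

A one-way result on the Inside capture means the return traffic is not reaching that interface, so the next capture belongs on the interface facing the other host.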