security_wiki:cisco_asa_packet_capture

Differences

This shows you the differences between two versions of the page.

security_wiki:cisco_asa_packet_capture [2014/11/20 19:35]
127.0.0.1 external edit
security_wiki:cisco_asa_packet_capture [2019/05/25 23:50]
Line 1: Line 1:
-====== Cisco ASA Packet Capture ====== 
-It is very useful to captures packets directly on an ASA Firewall for troubleshooting purposes. 
  
-In this example, we are interested in traffic between two hosts; 192.168.1.134 and 192.168.5.56. 
-You could also narrow it down to ports, but risk missing traffic. 
- 
-1) Create the ACL to narrow down interesting traffic: 
-<code> 
-asa(config)# 
-access-list acl-capin extended permit ip host 192.168.1.134 host 192.168.5.56 
-access-list acl-capin extended permit ip host 192.168.5.56 host 192.168.1.134 
-</code> 
- 
-2) Create and start packet capture using the ACL created above for filtering. 
- 
-capture <capture-name> interface <interface-name> access-list <access-list-name> 
-<code> 
-capture capin interface Inside access-list acl-capin 
-</code> 
- 
-3) View names of all captures that are created 
-<code> 
-show capture 
-</code> 
- 
-4) View content of specific capture 
-<code> 
-show capture capin 
-</code> 
- 
-5) Clear capture content 
-<code> 
-clear capture capin 
-</code> 
- 
-6) Delete capture 
-<code> 
-no capture capin 
-</code> 
- 
-Don't forget to remove the now unused ACL. 
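Review bot: every line of the page is removed here (the hunk is all `-` lines) and the 2019/05/25 revision adds nothing in its place, so the six-step capture procedure disappears without a redirect or a pointer to a replacement; if the content moved, leave a link on this page rather than an empty one. If the text is kept or restored, two points in it are worth fixing. In step 2 the syntax template `capture <capture-name> interface <interface-name> access-list <access-list-name>` sits outside the `<code>` block that follows it, unlike every other command on the page, and should go inside one. The closing line "Don't forget to remove the now unused ACL." gives no command, while steps 1 to 6 each do, so add the removal of acl-capin as an explicit step 7 so the temporary permit entries from step 1 are not left in the configuration after troubleshooting.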