Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Cisco ASA Packet Capture ====== **General Information** It is very useful to captures packets directly on an ASA Firewall for troubleshooting purposes. **Checklist** * ASA Firewall * Actual traffic to capture ---- ===== The Example ===== In this example, we are interested in traffic between two hosts; 192.168.1.134 and 192.168.5.56. You could also narrow it down to ports, but risk missing traffic. 1) Create the ACL to narrow down interesting traffic: <code> asa(config)# access-list acl-capin extended permit ip host 192.168.1.134 host 192.168.5.56 access-list acl-capin extended permit ip host 192.168.5.56 host 192.168.1.134 </code> 2) Create and start packet capture using the ACL created above for filtering. capture <capture-name> interface <interface-name> access-list <access-list-name> <code> capture capin interface Inside access-list acl-capin </code> 3) View names of all captures that are created <code> show capture </code> 4) View content of specific capture <code> show capture capin </code> 5) Clear capture content <code> clear capture capin </code> 6) Delete capture <code> no capture capin </code> Don't forget to remove the now unused ACL. security_wiki/cisco_asa_packet_capture.txt Last modified: 2019/05/25 23:50(external edit)