Introduction
Cisco ASA and PIX firewalls have a very useful feature for capturing packets traversing the firewall. It is a handy utility for operations and troubleshooting.
To capture traffic on a Cisco ASA or PIX firewall, use the capture command.
Below is the step-by-step procedure to enable packet capture for the traffic of interest:
We want to capture traffic from/to host 192.168.0.1 located behind the DMZ interface.
Using an access list is recommended, because it filters the capture down to the interesting traffic (the specific traffic we want to analyze):
ASA(config)# access-list CAPTURE permit ip host 192.168.0.1 any
ASA(config)# access-list CAPTURE permit ip any host 192.168.0.1
Start the capture on the DMZ interface, using that access list as the filter:
ASA(config)# capture cap1 access-list CAPTURE interface dmz
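Verify that the capture is configured:
ASA(config)# show capture
capture cap1 access-list CAPTURE interface dmz
View the captured packets in summary form, with more detail per packet, or as a hex dump:
show capture cap1
show capture cap1 detail
show capture cap1 dump
Clear the capture buffer while leaving the capture in place:
clear capture cap1
Copy the capture to a TFTP server, either as text or, with the pcap keyword, in pcap format for a packet analyzer:
copy capture:cap1 tftp://10.0.0.1/dmzhost.txt
copy capture:cap1 tftp://10.0.0.1/dmzhost.txt pcap
Remove the capture when finished:
ASA(config)# no capture cap1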
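As an added example (not part of the original article), this Python script reads a capture exported with the pcap keyword and counts packets in each direction for 192.168.0.1, a quick check that both lines of the CAPTURE access list matched traffic. It assumes a classic libpcap file with untagged Ethernet/IPv4 frames; the peer address 10.0.0.5 and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

HOST = "192.168.0.1"  # host matched by the article's CAPTURE access list


def build_sample_pcap():
    """Constructed sample input: three Ethernet/IPv4 frames (two from HOST, one to it)."""
    def frame(src, dst):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
        return b"\x00" * 12 + b"\x08\x00" + ip  # dummy MACs + EtherType IPv4
    # Global header: magic, version 2.4, zone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    flows = [(HOST, "10.0.0.5"), ("10.0.0.5", HOST), (HOST, "10.0.0.5")]
    for i, (src, dst) in enumerate(flows):
        data = frame(src, dst)
        out += struct.pack("<IIII", 1700000000 + i, 0, len(data), len(data)) + data
    return out


def direction_counts(pcap_bytes, host=HOST):
    """Count IPv4 packets sent from and to `host` in a classic libpcap file."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file (was the pcap keyword used?)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    target = ipaddress.ip_address(host).packed
    counts = {"from_host": 0, "to_host": 0, "other": 0}
    offset = 24
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        pkt = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Untagged Ethernet (14 bytes) + IPv4: source at 26..29, destination at 30..33
        if len(pkt) >= 34 and pkt[12:14] == b"\x08\x00" and pkt[26:30] == target:
            counts["from_host"] += 1
        elif len(pkt) >= 34 and pkt[12:14] == b"\x08\x00" and pkt[30:34] == target:
            counts["to_host"] += 1
        else:
            counts["other"] += 1
    return counts


if __name__ == "__main__":
    print(direction_counts(build_sample_pcap()))
```

To check a real export, pass the bytes of the file copied with the pcap keyword to direction_counts; a zero in either direction means only one side of the conversation reached the DMZ interface.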
ABOUT THE AUTHOR

Founder of AAR TECHNOSOLUTIONS, Rashmi is an evangelist for IT and technology. With more than 12 years in the IT ecosystem, she has been supporting multi-domain functions across IT and consultancy services, in addition to creating technical content.
You can learn more about her on her LinkedIn profile – Rashmi Bhardwaj