HOW TO CAPTURE TRAFFIC ON CISCO ASA/PIX

Cisco ASA and PIX firewalls have a very useful feature for capturing traffic traversing the firewall. It is a handy utility for operations and troubleshooting.

To capture traffic on a Cisco ASA or PIX firewall, use the capture command.


STEP-BY-STEP PROCEDURE TO ENABLE PACKET CAPTURE FOR A SPECIFIC TRAFFIC TYPE

We want to capture traffic from/to host 192.168.0.1 located behind the DMZ interface.

Using an access list is recommended, because it filters the capture down to the interesting traffic (the specific traffic we want to analyze):

ASA(config)# access-list CAPTURE permit ip host 192.168.0.1 any
ASA(config)# access-list CAPTURE permit ip any host 192.168.0.1
ASA(config)# capture cap1 access-list CAPTURE interface dmz
ASA(config)# show capture
capture cap1 access-list CAPTURE interface dmz

Commands to show the capture results:

show capture cap1
show capture cap1 detail
show capture cap1 dump

Command to clear captured traffic:

clear capture cap1

Command to save the results to a TFTP server:

copy capture:cap1 tftp://10.0.0.1/dmzhost.txt

To save the results in pcap format:

copy capture:cap1 tftp://10.0.0.1/dmzhost.txt pcap

Command to disable capturing:

ASA(config)# no capture cap1
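
Once the capture has been copied off the firewall with the pcap keyword, a quick offline check confirms that the CAPTURE access list caught both directions for 192.168.0.1 and nothing else. The Python script below is an added example, not part of the original post; it assumes a classic libpcap file with Ethernet framing, and the function names and the embedded sample capture are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

HOST = "192.168.0.1"  # the DMZ host matched by access-list CAPTURE on this page

def flows(pcap: bytes, host: str = HOST) -> Counter:
    """Count IPv4 packets per (direction, peer, protocol) in a classic pcap file."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (was the 'pcap' keyword used?)")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != 1:  # assumption: the capture uses Ethernet framing
        raise ValueError(f"unsupported link type {linktype}, expected Ethernet")
    counts, off = Counter(), 24  # 24-byte global header, then 16-byte record headers
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated or not IPv4 (an 802.1Q-tagged frame also lands here)
        ip = frame[14:]
        src = str(ipaddress.IPv4Address(ip[12:16]))
        dst = str(ipaddress.IPv4Address(ip[16:20]))
        proto = {1: "icmp", 6: "tcp", 17: "udp"}.get(ip[9], str(ip[9]))
        if src == host:
            counts[("from", dst, proto)] += 1
        elif dst == host:
            counts[("to", src, proto)] += 1
        else:  # should never happen if the access list is correct
            counts[("unexpected", f"{src}>{dst}", proto)] += 1
    return counts

def _frame(src: str, dst: str, proto: int) -> bytes:
    """Constructed sample: one pcap record holding Ethernet + a bare IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    eth = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed capture: two TCP packets from the host and one reply to it.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _frame("192.168.0.1", "10.0.0.1", 6)
          + _frame("192.168.0.1", "10.0.0.1", 6)
          + _frame("10.0.0.1", "192.168.0.1", 6))

if __name__ == "__main__":
    for key, n in sorted(flows(SAMPLE).items()):
        print(*key, n)
```

To run it against the real file, pass the bytes of the copied capture (dmzhost.txt in the commands above) to flows(). A count in only one direction usually points at a routing or NAT problem rather than at the capture itself.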
