Cisco ASA and PIX firewalls have a very useful feature for capturing packets traversing the firewall. It is a handy utility in operations and troubleshooting.
To capture traffic on a Cisco ASA or PIX firewall, use the capture command.
Below is the step-by-step procedure to enable packet capture for the respective traffic type:
We want to capture traffic from/to host 192.168.0.1 located behind the DMZ interface.
Using an access list is recommended, as it filters the interesting traffic (the specific traffic we want to capture and analyze).
Commands to show the capture results:
Command to clear captured traffic:
Command to save results to a TFTP server:
Command to save results in pcap format:
Command to disable capturing:
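
The procedure above as one ASA CLI session, added here as an example rather than taken from the original page. It assumes ASA command syntax; the ACL name CAP_ACL, the capture name CAPDMZ, the interface name dmz and the TFTP server address 192.0.2.10 are hypothetical placeholders.

```cisco
! Added example. CAP_ACL, CAPDMZ, "dmz" and 192.0.2.10 are assumed names/values.

! 1. Define the interesting traffic: both directions for host 192.168.0.1
configure terminal
access-list CAP_ACL extended permit ip host 192.168.0.1 any
access-list CAP_ACL extended permit ip any host 192.168.0.1
end

! 2. Start the capture on the DMZ interface, filtered by the access list
capture CAPDMZ access-list CAP_ACL interface dmz

! 3. Show capture results
show capture
show capture CAPDMZ

! 4. Clear the captured packets (the capture itself keeps running)
clear capture CAPDMZ

! 5. Save results to a TFTP server (text format)
copy capture:CAPDMZ tftp://192.0.2.10/capdmz.txt

! 6. Save results in pcap format
copy /pcap capture:CAPDMZ tftp://192.0.2.10/capdmz.pcap

! 7. Disable capturing and remove the capture buffer
no capture CAPDMZ

! 8. Remove the helper access list once it is no longer needed
configure terminal
clear configure access-list CAP_ACL
end
```

The capture holds full packet contents and TFTP transfers them without authentication or encryption, so export only to a server on a trusted management network and remove the capture when the troubleshooting session ends.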